Jul
28
Filed Under:
MISCELLANEOUS
Phishing up 180 percent in six months
28 July 2008
According to APACS, the UK payments association, the number of people banking online has risen by 505 percent in the last seven years. However, in just the last six months alone the number of reported phishing incidents has risen by 180 percent in the UK.
In the year 2000 just 3.5 million people were using online banking according to APACS figures released this week. That number has jumped to more than 21 million last year, a rise of some 505 percent.
Although the chances of becoming a victim of banking fraud are very low, APACS reckons that there has been a year-on-year drop of 33 percent in online banking fraud losses (down to UKP £22.6 million AUD $46.9 million) from 2006 to 2007 for example, criminals are continuing to target customers with phishing and spyware scams.
This, APACS concludes, is largely because the banks own systems have proved extremely difficult for the criminals to attack successfully.
"Online banking has changed the way we access our bank accounts, and is now second nature to many of us" says Sandra Quinn, Director of Communications at APACS. "In the future we expect more and more people to use online banking to make payments rather than just checking balances" she adds, warning "we strongly urge banking customers to make sure they remain wary of online scams such as unsolicited emails claiming to be from their bank, and to only use a fully protected PC with regularly updated anti-virus software and a firewall installed and switched on."
APACS has published a Banking Safely Online advice guide to help remind online banking customers of the need to stay vigilant and follow simple safety procedures when banking online.
Greg Day is an analyst at one of the largest security vendors, McAfee, and has been looking at exactly why there has been such a large jump in the number of phishing attempts so far this year.
How do reuse, awareness and growth figure in the cybercriminal phishing strategy?
He suggests that reuse is an important factor, with the same carefully crafted scam messages being used again and again. "Attackers have honed their emails in terms of grammar, content and layout (often pulling in genuine graphics from the bank they are spoofing)" Day warns, adding that they are "just changing the domain or website link displayed when you click on the link."
And while phishing sites and links are usually shut down once the fake site has been identified, Day reckons that cybercriminals are getting more successful in tricking users "by using either trial domains or other legitimate genuine sites that have been compromised or hacked into."
User awareness is also an issue, as financial and government bodies step up the education campaign to mirror the increases in phishing scams. "As such the volume of phishing emails must increase to target users who are not as savvy or aware of these threats" Day concludes.
The APACS data highlights the volume of incidents reported, but not the number of people that have fallen victim to phishing scams. "The increase in the number of incidents highlights that through better education and protection technology, people are becoming better able to deal with the problem" says Day.
In its recent McAfee Spam Experiment the company found that some 8 percent of spam being received by UK participants was of the phishing variety. A much lower percentage than experienced by participants from other countries. But the UK should not be complacent as online banking becomes commonplace so, as those APACS figures reveal, the problem is likely to get worse.
"Brazil commonly seems to be a high phishing target as they were an early implementer of online banking" Day reports, concluding "As we see online banking usage increase in the UK, we expect to see increases in the number of phishing emails, as the opportunity for the cybercriminal grows."
RELATED INFO:
Banks warned of computer 'super bug' that can change identity
Researchers Trace Structure of Cybercrime Gangs
Although the chances of becoming a victim of banking fraud are very low, APACS reckons that there has been a year-on-year drop of 33 percent in online banking fraud losses (down to UKP £22.6 million AUD $46.9 million) from 2006 to 2007 for example, criminals are continuing to target customers with phishing and spyware scams.
This, APACS concludes, is largely because the banks own systems have proved extremely difficult for the criminals to attack successfully.
"Online banking has changed the way we access our bank accounts, and is now second nature to many of us" says Sandra Quinn, Director of Communications at APACS. "In the future we expect more and more people to use online banking to make payments rather than just checking balances" she adds, warning "we strongly urge banking customers to make sure they remain wary of online scams such as unsolicited emails claiming to be from their bank, and to only use a fully protected PC with regularly updated anti-virus software and a firewall installed and switched on."
APACS has published a Banking Safely Online advice guide to help remind online banking customers of the need to stay vigilant and follow simple safety procedures when banking online.
Greg Day is an analyst at one of the largest security vendors, McAfee, and has been looking at exactly why there has been such a large jump in the number of phishing attempts so far this year.
How do reuse, awareness and growth figure in the cybercriminal phishing strategy?
He suggests that reuse is an important factor, with the same carefully crafted scam messages being used again and again. "Attackers have honed their emails in terms of grammar, content and layout (often pulling in genuine graphics from the bank they are spoofing)" Day warns, adding that they are "just changing the domain or website link displayed when you click on the link."
And while phishing sites and links are usually shut down once the fake site has been identified, Day reckons that cybercriminals are getting more successful in tricking users "by using either trial domains or other legitimate genuine sites that have been compromised or hacked into."
User awareness is also an issue, as financial and government bodies step up the education campaign to mirror the increases in phishing scams. "As such the volume of phishing emails must increase to target users who are not as savvy or aware of these threats" Day concludes.
The APACS data highlights the volume of incidents reported, but not the number of people that have fallen victim to phishing scams. "The increase in the number of incidents highlights that through better education and protection technology, people are becoming better able to deal with the problem" says Day.
In its recent McAfee Spam Experiment the company found that some 8 percent of spam being received by UK participants was of the phishing variety. A much lower percentage than experienced by participants from other countries. But the UK should not be complacent as online banking becomes commonplace so, as those APACS figures reveal, the problem is likely to get worse.
"Brazil commonly seems to be a high phishing target as they were an early implementer of online banking" Day reports, concluding "As we see online banking usage increase in the UK, we expect to see increases in the number of phishing emails, as the opportunity for the cybercriminal grows."
RELATED INFO:
Banks warned of computer 'super bug' that can change identity
Researchers Trace Structure of Cybercrime Gangs
Copyright 2011. Site powered by Bitdefender