Phishing
What is it?
Phishing is the term used to describe spoof websites on the Internet which predominantly purport to be the genuine websites of the various Banks and other financial institutions which operate in the UK. However, any website dealing in financial transactions, e.g. online shopping, can be phished, as can any other website where the gleaning of personal information can be of benefit to the fraudster, e.g. in furtherance of identity fraud.
The term phishing comes from the analogy that the fraudsters are "fishing" for information in the sea of Internet users. The "ph" spelling has its origins in the hacking community when phone "phreakers" used to manipulate telephone exchanges to gain free calls.
How does it work?
The principal scam involving Internet banking works by sending emails to individuals at random, claiming to come from a named Bank or other financial institution. If the recipient happens to hold Internet banking facilities with that particular institution, they are prompted to visit a highly professional and genuine-looking website where they are invited to disclose their banking details and other personal information, usually on the pretext of the issuing Bank updating their records. The fraudster then uses this personal information to withdraw cash from the customer’s account.
IT SHOULD BE NOTED THAT NO UK BANK OFFERING INTERNET BANKING FACILITIES WILL EVER CONTACT THEIR CUSTOMERS OR ASK FOR PERSONAL INFORMATION IN THIS MANNER.
There are thousands of these emails in daily circulation.
DO NOT, under any circumstances, respond directly to these emails by clicking on links, as these will lead to the bogus website. Instead, report the matter to the institution concerned using their known contact details. If you wish to visit your online account, do so in the normal manner via your Internet browser.
How much are online UK banking fraud losses?
In 2004 fraud losses totalled £12 million. As with card fraud, UK online banking customers will not be liable for fraud losses, as all Banks have published online guarantees stating that, providing a customer does not breach their terms and conditions, they will not be held liable for any losses. Banking online is safe providing you use a fully protected PC and remain wary of unsolicited emails.
Further reading:
- advice from the Office of Fair Trading
- APACS Press Release
An Example
The following example of a phishing email was received on my home computer and, with the exception of anonymising it, I have faithfully reproduced the content. The spelling and syntax, as well as the content of the 'From' field, are clues that this email did not originate from a trusted source. It is, however, capable of eliciting a response from the unwary.
More recent phishing emails have shown a marked improvement in quality. To avoid becoming a victim, do not click on the link purporting to lead to your account. Genuine emails will not ask you to do this.
From: User vlqyjzwmxv [vlqyjzwmxv@jntp] on behalf of xxxxxxx [security@xxxxxxx.co.uk]
Sent: 12 October 2006 16:14
To: xxxx@xxxxxx.co.uk
Subject: xxxxxxx: Security Update
Dear Client of xxxxxxx Online!
Summer 2006 has been hard for our Bank due to the increasing number of clandestine practices.
Sensible information about our clients is of constant interest for swindlers.
Lots of people seek protection from the hazard of losing money from their bank accounts.
In this respect, Bank announces that September is the fraud-fight month.
Before Octomber 1st all our clients should activate new account protection system.
We have upgraded and considerably improved it. Top EFT specialists tested the system, and independent experts have already affirmed its reliability.
We do not publish this information in mass media in order that malefactors could not employ it criminally.
You have been randomly chosen for the final testing of the account protection system.
Now we offer you to go to http://security.xxxxxxx.co.uk/update.co and activate the new security system by entering the Internet banking as always.
Currently you may notice some defects.
We are aware of them so you do not have to inform us of these problems, we shall obviate the difficulties on our own.
Please note that on and after September 1st you will have to use the new security system, otherwise your account will be blocked until your identity is proven.
That is why we strongly recommend changing over to the new security standard as soon as possible.
Best regards,
Fraud Fight Department
xxxxxxx Online
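
The 'From' field clue mentioned above can be checked mechanically. The following is an added example, not part of the original page: it parses the "on behalf of" From line exactly as reproduced in the sample email and reports where the actual sender and the claimed sender disagree. The function names and the two comparison rules are assumptions chosen for illustration.

```python
import re

# From line copied from the anonymised sample email on this page.
SAMPLE = ("From: User vlqyjzwmxv [vlqyjzwmxv@jntp] on behalf of "
          "xxxxxxx [security@xxxxxxx.co.uk]")

# Mail clients can display a message sent by one mailbox for another as:
#   From: <name> [<actual sender>] on behalf of <name> [<claimed sender>]
ON_BEHALF = re.compile(
    r"^From:\s*(?P<sender_name>.*?)\s*\[(?P<sender>[^\]]+)\]"
    r"\s+on behalf of\s+(?P<claimed_name>.*?)\s*\[(?P<claimed>[^\]]+)\]\s*$",
    re.IGNORECASE,
)

def domain_of(address):
    """Return the lower-cased part after the last '@', or '' if there is none."""
    return address.rpartition("@")[2].strip().lower() if "@" in address else ""

def from_field_clues(from_line):
    """Return the reasons a From line looks untrustworthy (empty list if none)."""
    m = ON_BEHALF.match(from_line.strip())
    if not m:
        return []  # not an "on behalf of" line; this check has nothing to say
    sender_dom = domain_of(m["sender"])
    claimed_dom = domain_of(m["claimed"])
    clues = []
    # Rule 1 (assumption): the mailbox that really sent the message should
    # belong to the same domain as the institution it claims to speak for.
    if sender_dom != claimed_dom:
        clues.append(f"actual sender domain {sender_dom!r} differs from "
                     f"claimed domain {claimed_dom!r}")
    # Rule 2 (assumption): a sender domain with no dot is not a fully
    # qualified Internet domain, so it cannot be the institution's own.
    if "." not in sender_dom:
        clues.append(f"actual sender domain {sender_dom!r} is not a "
                     "fully qualified domain name")
    return clues

if __name__ == "__main__":
    for clue in from_field_clues(SAMPLE):
        print("suspicious:", clue)
```

A From line in which both addresses share one domain returns an empty list, so the check only fires on the kind of mismatch visible in the sample.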