Thursday, December 14, 2006

Phishing Scams on the Increase in the UK

I came across this article in the Register today, it makes scary reading.

UK incidents of phishing scams have grown 8,000 per cent over the last two years, according to the government's financial watchdog authority. Although losses remain modest compared to other forms of financial fraud, banking security experts speaking before the House of Lords science and technology committee are concerned about the growing prevalence of scams designed to trick consumers into handing over online banking credentials.

Rob Gruppetta, of the Financial Services Authority (FSA) financial crime team, told the parliamentary committee, "We are very concerned about the rate of increase. It has gone up by 8,000 per cent in the past two years. But in the grand scheme of total fraud it is still quite small," he added.

Between January and June 2005, 312 phishing incidents were recorded, a figure that shot up to 5,059 for the first half of 2006, according to figures from UK banking payment organisation Apacs. Improved detection rates are partly behind the increase but even so the growing sophistication of scammers is leading to heavy losses from UK banks.

Apacs security chief Philip Whitaker told peers that scammers had transformed phishing scams from a cottage industry into an industrial process.

An estimated £23.2m was stolen from UK online bank accounts using email scams in the first half of 2006, with a slight decreases in losses to £22.5m for the second half of the year, the BBC reports. In the year prior to October 2004, Apacs estimated phishing cost UK banks £4.5m, which compares to a £45.7m estimated loss for 2006. Despite growing losses, security experts testified that online banking was essentially safe.

There are some simple precautions you can take to make sure you don't become a victim;

1. Never click on a link in an email to take you to a secure site, if you need to log into your internet banking or ebay account then use the link in your favourites
2. Never, give out your password or login details either on line or over the phone.

If you think you have had a phishing email then you can report it to the PIRT squad at CastleCops, they will investigate it and actively work to get the site taken down. There is more information about phishing and staying safe online at Bank Safe Online