Sam Dunn: Sadly, there's plenty more phish in the sea

Sunday 21 November 2004 01:00 GMT

It used to be easy to spot the chancers. An outrageous email would pop up on your screen littered with spelling howlers and peculiar turns of phrase. If you even bothered to read on to the bit about sending your bank password and account details to a separate website, "for an update", your finger would hit the delete button at that point.

Today, it's evident that the fraudsters have grown up. "Phishing" scams, where emails purporting to be from your bank ask you for security details only to rob your account later, have become sophisticated operations using realistic logos and pristine graphics to dupe online users.

NatWest had to suspend part of its internet banking service last week after customers began receiving fake emails demanding account details. Nobody lost out, the bank says, but simple tasks like setting up third-party payments and standing orders were temporarily unavailable.

A couple of months ago, it was customers at the Halifax who were targeted. Phishers pasted pictures of Howard Brown, the bank's enduring mascot, into the email to lend it an audacious touch of authenticity.

The cunning doesn't stop there. Many emails include warnings about the very fraud they are practising.

Their efforts have so far been rewarded: some £4.5m was filched from about 2,000 online customer accounts in the nine months to June this year. And with 14 million online bank customers in the UK, it is fair to assume they're still hungry.

When all it takes is a moment of naivety to reel in a catch worth thousands of pounds, we're going to remain in their sights for a long time.

Banks have so far pledged to protect us and say they will refund any losses if we fall victim to such scams.

Up to a point. Compensation depends on individual circumstances, with caveats about stupidity and negligence. If we're particularly or repeatedly bone-headed or careless about replying to such emails, the message from the banks is that cover won't necessarily be there.

Lenders are generally content to reimburse losses for now but the indications are that this situation won't continue for ever, particularly if the scams begin to cost the banks serious money.

For now, they are confident that their preventive, anti-phishing messages will be enough to counter the problem. Online banking sites are fervently telling customers to ignore any emails claiming to be from them, to report any such fraudulent message by telephone, to forward it to a listed email fraud address and then to hit delete.

An anti-phishing working group is also tracking the problem and analysing possible solutions.

While the recent spike in phishing scams might not inspire great confidence, it would be taking it too far to start losing faith in the general safety of online banking and shopping.

It's worth remembering that the cracks allowing criminals to ghost into the system have been unwittingly created by us. Thanks to our vulnerability, they tease our passwords out of us rather than launching assaults on the bank's software.

Last week, as NatWest struggled with its own phishing scam, its banking system was robust enough to allow hundreds of thousands of web customers to carry on using their internet accounts without disruption.

We should also take heart from the anti-phishing plans being developed by lenders and the Association for Payment Clearing Services.

They are working on a technology that will combat phishers by giving users a password that even we won't know. It may sound like a futuristic fantasy but details are understood to be at an advanced stage.

In the meantime, however, it's a case of staying alert. Whenever you're on a financial website making payments, look for a padlock displayed at the bottom right of the screen. Click on this and you should find yourself looking at a certificate of information for authenticity.

Check also the start of the secure page's website address, where "http" should be followed by an extra "s" for security.

If we all take precautions, the phishers could soon find themselves fried.

s.dunn@independent.co.uk
