Finance sector bracing for upswing in Internet fraud
By Bernhard Warner
Date: December 16, 2003
Cyberscams expected to soar in 2004, experts say
DECEMBER 15, 2003 ( REUTERS ) - LONDON -- Banking officials and computer security experts predicted today that the wave of cyberscams targeting the financial services sector will soar in 2004 as the industry braces for a new onslaught of fraud schemes. The gloomy prediction comes amid a string of e-mail and Web site spoofing scams preying on banking customers.
Police call the relatively new phenomenon "phishing," so named because fraudsters try to lure unwitting customers into divulging their bank details.
In the past few months, a rash of e-mails posing as correspondence from some of the world's biggest banks have flowed into various e-mail in-boxes. The scams have been reported in the U.K., the U.S. and Australia, to name a few.
"We see phishing as just the toe in the water," said a security expert at one of the U.K.'s largest banks who spoke on condition of anonymity at a summit in London dedicated to security matters in the financial services industry.
"It's like credit card fraud. Phishing is not big yet. But it will be," the expert said.
Top security threat
Banks, desperate to protect their reputations and preserve a fast-growing segment of their business, consider online fraud schemes a top security issue.
"The level of concern among our customers about the risk is certainly on the increase," said Nick Sears, vice president of sales for Finjan Software Inc., a San Jose-based security company that counts some large banks as its customers.
British banks have been particularly hard hit this fall, with more than a half-dozen firms, including Barclays PLC, Lloyds TSB Group PLC and NatWest, posting warnings to customers that they have been the target of fraudsters.
At today's summit, industry officials sounded a sobering note that technological advances will do little to halt the crime wave. Instead, they said, the best defense lies with the customer.
"At the end of the day, the customer has got to start being more aware of what they're doing online. If somebody came up to you on the street and asked you for your credit card, you're not going to give it away. Why would you listen to an e-mail?" the bank security expert said.
Police blame the crime wave on organized crime syndicates based in Eastern Europe and other regions where law enforcement is ill-equipped to investigate the cases.
Meanwhile, the industry has been scrambling to find a fix of its own. One suggestion is the creation of a "dot-bank" Web domain that would be distributed solely to financial services companies.
A main problem, law enforcement officials say, is that fraudsters can easily acquire a dot-com Web site address that looks like an authentic business Web address.
In one version of the scam, bank customers are sent an e-mail directing them to a site that appears to be affiliated with the bank where they are instructed to update their bank details by supplying various forms of personal identification.
"A dot-bank domain wouldn't stop it, but it would certainly narrow down the spoofing opportunity," said Lee Fisher, solutions architect at McAfee Security for Consumers.
^macro[showdigestcomments;^uri;Finance sector bracing for upswing in Internet fraud]