Computer Crime Research Center


Millions at Risk from Cyber 'Phishing' Gangs

Date: February 29, 2004
By: Pat Hurst

Millions of online bank customers could be in danger from a growing new Internet scam known as “phishing”.

Police have warned that three financial institutions have already lost 20 million each to Internet crime in the past year and the number of “phishing” cases known to police has increased more than 600% over the same period.

Among banks that have been hit are Halifax, Barclays, NatWest, Lloyds TSB and HSBC.

Phishing involves sending out millions of e-mails, “phishing expeditions” to people directing them to a website masquerading as their bank’s own online home.

But the site is a carbon copy of the original – set up by sophisticated criminal gangs often in eastern Europe.

They hope to hook online customers and prompt them to disclose names, account details and passwords.

This information is then used by the gang, who go to the bank’s real website to clean out the customer’s account.

Britain’s top Internet policeman has already warned the losses to British business of internet crime is in the billions rather than millions.

When gangs succeed in stealing cash the banks are forced to reimburse the customer.

Halifax Bank last October had to shut down its website temporarily after it was cloned and a “phishing expedition” launched by e-mails directing customers to the fake website.

The scam was later traced to Russia and the fake website taken off the net.

Mark Hemingway, spokesman for Halifax said: “They keep trying it and if you supply this information you are effectively giving the keys to your account. That is why we took the site down and contacted all our customers.”

Det Chief Supt Len Hynds, head of the National Hi-Tech Crime Unit (NHTCU), told an e-crime conference in London this week that cases of phishing had increased from seven in 2002 to more than 50 in 2003 – and the criminals were getting more sophisticated.

He said online bank customers must be aware of the dangers.

“If you receive unsolicited e-mails inviting you to visit an online bank and put in your name and password, simply don’t do it,” Mr Hynds said.

“No bank will invite you to do that. It can be very credible and they look just like the real thing.

“We have seen a marked increase in the intelligence and evolution of that kind of crime.”

David Aucsmith, chief technology officer for Microsoft Corp’s security business and technology unit, told the conference: “Fake websites seem to be much more common than they were a year ago. They are definitely on the rise.”

The conference, involving police, government and businesses, also heard that cyber-crime was costing UK business billions of pounds through virus attacks, hackers, extortion and fraud.

A survey by NHTCU of 201 British firms revealed 83% had experienced hi-tech crime last year – costing them 195 million – with 15% suffering from phishing attacks.

Financial fraud was suffered by 62% and three firms from the financial sector had lost 20 million each.

The survey heard that less than one quarter of companies in the survey even reported e-crime to police.

Within the financial industry there is a reluctance to admit banks have been hit by Internet crime for fears customers will stop using online banking or switch to a competitor.

“You wouldn’t want to keep your money in a bank that kept getting broken into would you,” said one industry insider.

Mr Hynds said companies which were being attacked were now being more open with the police in sharing information, investigating attacks and building strategies to counter them.

The steady growth of banks offering services on the Internet has proved to be a magnet for criminals, insiders say.

It is far cheaper for banks to close branches on the high street and go on-line with estimates there will be 84 million Internet banking customers in Europe by 2007.

If customer confidence is crippled by such scams the whole industry could be affected, experts say.
Original article

Add comment  Email to a Friend

Discussion is closed - view comments archieve
2005-05-16 16:12:53 - I hate phishing the mosquitos are bad.... Brooklyn Scheneller
2005-05-16 16:09:18 - Phishing is a major problem that needs to... Mitchell Roundtree
2005-05-16 16:06:50 - I think that phishing is a problem that... Mitchell Roundtree
Total 3 comments
Copyright © 2001-2013 Computer Crime Research Center
CCRC logo