Many online banks, it seems, are taking too few precautions to protect their customers from fake or ‘spoof’ web pages and ‘phishing’ attacks – attempts to acquire information, such as passwords and credit card details, by masquerading as a trustworthy business, usually by email.
Heise inserted spoof pages onto a number of banks’ websites to test security procedures. Yet surprisingly, say Heise, these pages still appear on the Cahoot, Bank of Scotland and First Direct sites as they did a month ago, ‘suggesting no action has been taken’, while Natwest apparently only took interim measures.
The Association for Payment Clearing Services (APACS), the organisation that co-ordinates the banking industry’s efforts to combat online fraud, has now released a new report revealing that the number of ‘phishing attacks’ has risen by over 800 per cent over the past year.
The report also claims that an estimated half a million people in the UK said ‘they would still respond to an unsolicited email asking them to follow a link and re-enter personal security details’ – a worrying statistic indeed.
[Note: APAC was replaced by UK Payments Administration Ltd (UKPA) in mid-2009]