But what about the organised-crime gangs behind the major attacks?
By Andy McCue
Published: 29 April 2004 15:25 GMT
The UK's cyberpoliceforce claims progress is being made in the ongoing investigation into organised criminal gangs running increasingly sophisticated phishing email scams that attempt to lure people into revealing their bank account details.
The claim follows the arrest by the National Hi-Tech Crime Unit (NHTCU) of a 21-year-old man from Lytham St Anne's in Lancashire suspected of targeting customers of the Co-operative Bank's online banking service Smile in a "copycat" phishing attack. The bank reported the attack to the NHTCU in March.
Despite the arrest, the man is not believed to be connected to the organised crime group behind the global wave of phishing scams targeting bank customers in the UK, US, Australia and New Zealand.
A spokeswoman for the NHTCU would not reveal details of the investigation but said it is "ongoing" and that "progress is being made". She said it has not stalled but details are not being released because they could jeopardise the case.
DCS Len Hynds, head of the NHTCU, said in a statement: "The message is clear. Do not try this at home, we will find you. Anybody who thinks that they can copy a scam and get away with it is sorely mistaken."
Conflicting reports emerged over whether any customer accounts were compromised. While Smile denied that any had been, the NHTCU said they believed that some were.
Phil Garlick, director of operations at Smile, said in a statement: "We regularly remind customers via secure messages and on our website not to respond to emails of this kind as we would never ask customers to send personal information about their Smile account to us in this way."
Security expert Chris McNab, technical director at Matta Consulting, said trying to catch the culprits at the source is like trying to find a needle in a haystack.
"It is practically impossible to fully stop this at the source and you'll still have naive users clicking on the links. These scammers at the end of the day could be anywhere," he said.
The best way of tackling phishing, he argued, is for the banks to act reactively. "The banks are taking this seriously and looking at putting in automated systems to keep track of domain registrations and associated websites, as well as email monitoring. Obviously they have then got to try and shut the sites down as quickly as possible."
ZDNet UK's Matt Loney contributed to this report
Reference: JS*AMC*JR/3575 Type: Permanent Position: C++ Developer Banking (C++/UNIX/Perl/Scripting/FX/Options/C++/Boost) with excellent knowledge of ...
They are looking for a Failure Investigation Engineer to join their Customer Advocacy team. This multi-national medical devices producer, offering an ...
Basingstoke/Failure Investigation Engineer/35K-40K The overall purpose of the job is to; + Undertake and document root cause failure analysis for ...
Agenda Setters 2009
Welcome to the ninth annual Agenda Setters poll – silicon.com's list of the top 50 most influential individuals in the technology and IT industries, from techies and CIOs to entrepreneurs and business leaders. Find out more in our latest special report.
Stories from the web...
Copyright © 2008 CBS Interactive Limited. All rights reserved. Top of page
Digg
Slashdot
Del.icio.us
Stumble
Reddit
RSS Feeds
Clive Longbottom Windows 7: Not perfect - but ready for prime time Microsoft's latest OS fixes most of Vista's ills - but still has challenges ahead
Stephen Kleynhans Mind the details with Windows 7 Just because it might work better than Vista, it doesn't mean you can be sloppy