Phishing targets put up their guard

The Association of Payment and Clearing Services (APACS) has claimed that banking customers are waking up to the threats of online fraud.

Speaking to silicon.com sister site ZDNet UK on Wednesday, an APACS spokeswoman said that although last year's figures for online fraud were high, only a few people were hit. This is due to growing awareness about phishing scam emails, which are sent by criminals pretending to be officials from banks or online shops, APACS believes.

"Increasingly customers are realising that banks don't communicate this way and that they shouldn't respond to fraudsters," said Sandra Quinn, director of corporate communications for APACS. "We're not surprised that last year's losses are high because of the number of attacks that have been made. What is encouraging is that it affected only a very small number of victims."

APACS reported earlier this month that banks lost £12m through online fraud last year, as consumers fell victim to identity theft email scams. APACS collected the figures from member banks of its E-banking Fraud Group. An APACS report on card fraud stated that phishing scams in particular were responsible for online financial crime, although identity theft and cheque fraud also contributed to the figure.

A recipient of a phishing email will typically be asked to click on a web link that appears to link to their bank's site, which then takes them to fake website designed to look like their bank site, and type in their personal details.

Trojans and keystroke logging software are sometimes used as tools in phishing attacks to record what someone types when they visit their bank's site.

It was unclear from APACS' information how many banks took part in the survey. "The banks give us their losses [figures]," Quinn said. "No banks we asked for figures have not provided them."

Last year UK card fraud losses totalled £504.8m — a 20 per cent rise from 2003. APACS said this was due to fraudsters increasing their activity before chip and PIN was fully implemented. 2004 was the first year APACS recorded online banking fraud.

Dan Ilett writes for ZDNet UK.