Phishing catches out retailers

Phishing attacks continued to rocket last year, according to several new studies released this week, presenting banks and online retailers with increasing challenges to their brand and reputation.

Incidents of fraudulent web sites set up to trick users into entering their personal details, increased from 1,713 in 2005 to 14,156 last year, according to the latest figures from UK payments association APACS released last week.

The number of unique phishing messages increased to 166,248 over the period July to December last year, which amounts to 9054 unique messages a day, according to the Symantec Internet Security Threat Report out today.

And according to the latest online fraud report by identity management specialist RSA Security, UK banks remained the second most likely to be phished by fraudsters.

But an Apacs spokesman argued that consumers are more able to spot phishing attempts because they are now so widespread, and because the banking industry has made great strides "in trying to inform the user what to look out for".

Firms themselves must take responsibility for ensuring their brands are not abused in phishing or other attacks, according to Irfan Salim, chief executive of fraud prevention specialist MarkMonitor.

"The brand owners need to make sure the customer who thinks they are buying their product is actually buying it, and where they're buying it is an authorised place," he argued. "This is not something the customer or the ISP will pay for."

He added that phishing is likely to remain popular among criminals as the number of new internet users, who are less knowledgeable about the potential dangers of phishing and therefore more susceptible to fraud, increases.

European general manager of the firm, Charlie Abrahams added that Apacs' plans to move to a faster payment clearing system this November may also encourage more online fraudsters, as it gives the banks les time to stop potentially fraudulent transactions

"It could take as little as 15 minutes [for a payment to clear], so the chances of fraudsters to make money will be higher," he explained.

Stijn Bijnens of identity management specialist Cybertrust said that the new Extended Validation (EV) SSL certificates could help to solve the phishing problem by showing the consumer which sites are authentic and which aren't.

"We're getting to the point now where the cost of fraud is higher than the cost of the fraud solutions," he argued. "EV SSL gives you more confidence you're visiting the right site, but we're 6-12 months away from [widespread adoption]."