I'm not, by nature, a suspicious man. But whenever I receive an unsolicited email from an institution with which I hold any kind of account, I resist the convenient temptation of clicking on the link in the email. I always go to my browser and type the address
in myself - it's the only way to be sure.
I assumed that everyone else did the same, but apparently not. According to figures from Trusteer, the security software vendor, Phishing attacks are frighteningly common and a large number of people fall for them.
If their figures are to be believed, a staggering 45% of bank customers who are redirected to a phishing site divulge their credentials. They estimate that out of every million users, 4,700 sets of login details are lost to criminals each year. Over a 3
month period, each financial institution was targeted by 16 phishing websites each week.
Early phishing emails were laughably poor in their execution with obvious spelling errors and barely credible email addresses and yet still people fell for them. Nowadays, they have grown in sophistication and in many cases are very difficult to distinguish
from the real McCoy.
It's going to take a combination of technology and education for banks to tackle this threat. Only one of the financial institutions with which I hold an account has established a protocol and explained it to me so that I can recognise a genuine email and
none of them have adopted digital signing of emails.
Until action is taken, there's going to be a lot of cost and upset customers for banks to deal with.