Phishing figures worry FSA

Phishing figures worry FSA

The UK financial services sector has experienced an 8000% increase in online phishing scams in the past two years, according to figures presented by the Financial Services Authority.

According to a BBC report, the FSA's financial crime team told the Lords science and technology committee yesterday that incidents of phishing are set to rise by 90% for the second year running.

The committee - which is conducting an inquiry in personal Internet security - was hearing evidence from The Financial Services Authority (FSA), Apacs, Visa and the Royal Bank of Scotland (RSA) on policies that are in place to protect consumers from ID theft.

Between January and June 2005 the number of recorded phishing incidents was 312, the Lords committee was informed. But this rose to 5059 for the same period this year, according to stats released by Apacs. Around £23.2 million was plundered in scams in the the first half of 2006, the committee heard, and this figure is expected to be £22.5m for the second half of the year.

Philip Whitaker, Apacs security chief, told the committee that the increase was down to better detection methods, but also said fraudsters were adopting an increasingly "industrialised" approach.

"The rate of growth in phishing is down to a number of factors not least that they have been able to industrialise the process by which the criminals are launching attacks," he said. "It is also an indication of the banks success in combating phishing as the less successful phishing emails are the more need to be sent out."

Whitaker told the committee that phishing accounts for anywhere between 25% and 50% of the attacks that cause losses on customer's accounts.

Philip Robinson, the FSA's head of financial crime, said he believed Internet banking was generally safe but admitted that banks were reluctant to report incidents to the police.

This echoes claims made earlier this month by Detective Superintendent Russell Day of the Metropolitan Police who told an all-party parliamentary group on identity fraud that many banks were not reporting system attacks due to concerns over customer confidence or because a lack of confidence in the ability of the police to deal with cyber crime.

In yesterday's testimony, Apacs' Whitaker said banks were reluctant to report incidents to the police because the likelihood of a security fraud being successfully investigated was "very low indeeed".

Whitaker also rejected calls for banks to inform customers of all security breaches, as is the case in some areas of the US.

Comments: (0)