Phishers target bank security upgrades: RSA

There was a spike in phishing activity last month, with fraudsters targeting an increasing number of brands and using more sophisticated tools to try and fool online banking customers, according to the RSA Online Fraud Intelligence Report for November.

According to RSA, which recently became the security division of storage firm EMC, an increasing number of financial institutions have been upgrading their online banking systems in order to comply with US regulations. Phishers have been using the upgrade activity to try and exploit users.

Just over a year ago, five US banking regulators -- under the FFIEC umbrella -- advised financial institutions to "deploy security measures to reliably authenticate their online banking customers". The global nature of the banking industry means that any such regulations in the US are at least partly relevant for financial institutions based in Australia.

RSA claims that some of the most advanced phishing attacks during November tried to exploit banking customers before or during the implementation of these new systems.

"With the enhanced level of protective measures taking hold across the financial industry, fraudsters are stepping up the level of phishing activity prior to the deployment of additional layers of defence.

"And they are doing so by mimicking the very efforts that financial institutions are implementing to better protect their customers. The latest scam involves a phishing e-mail requesting customers to ... upgrade to the bank's new security enhancement," said the RSA report.

Citibank Australia was criticised last month for possibly contradicting its own security guidelines by sending an e-mail that asked customers to update their log-in details due to an upgrade to the bank's online security system.

Security experts and even Citibank's own staff had trouble confirming if the offending e-mail was genuine or a phishing attack.