Phishing attacks surge

There has been a massive increase in the number of attempted phishing attacks and a huge rise in the amount of money lost to online fraud, according to APACS, the UK payment services association.

The Association of Payment Clearing Services (APACS) released card and online fraud figures on Tuesday which showed phishing incidents have increased almost 1,500 percent year-on-year since 2005.

In the first half of 2005, just 312 separate phishing attacks aimed at UK users were recorded by APACS. From January to June 2006 there were 5,059 attacks, an increase of 1,471 percent.

This huge rise was linked to a 55 percent increase in money lost to online fraudsters in the same period. Banks lost £22.5m from January to June 2006, as opposed to £14.5m in the first half of 2005.

Phishing scams involve fraudsters setting up fake banking websites, then sending emails to try to lure people to visit the sites, where the unwitting enter their credit card and other banking details. Once these details have been stolen by the fraudsters, they are either sold or the information is used to take money from the account.

APACS said it was "no surprise" that the number of phishing attacks had increased, as the crime was relatively low risk and high yield.

"Clearly people are falling victim to this [crime]. It's low cost and easy to get away with," said Jemma Smith, head of PR for APACS. "It's no surprise they've upped the number of attacks. I get 25 phishing emails a day — I'm surprised there aren't more."

Although the sharp increase in the number of attacks did not lead to a direct correlation with the increase in the amount of money lost, APACS said that there were still too many victims.

"Fifty-five percent is an unhealthy rise. Too many people are falling victim to this simplistic crime," Smith told ZDNet UK. "[People don't yet understand that] you need to be as cautious responding online as when people knock on your door."

No statistics were available for the number and demographic of the victims, because many people were "shy about coming forward", said Smith, as people could feel embarrassed about being caught out.

As well as the surge in phishing, APACS also recorded a large increase in the number of "mule recruitment adverts". Once bank details have been stolen, one method of extracting money from the account is to find someone willing to accept the cash, which is then transferred into their account. The mule then transfers the money to an offshore account for a cut of the proceeds. Mules are normally fooled into transferring the money, but are sometimes coerced by the criminals.

Mule recruitment adverts increased by 140 percent year on year from the first half of 2005, from 197 to 473 recorded incidents.

APACS said that both phishing sites and mule recruitment adverts look much more plausible now, compared with 2003, which could have added to the number of people being fooled.

There has been no indication that consumer confidence in online banking has been affected by the rise of online fraud, with 15.7 million regular users of UK online banking facilities. However, APACS said that risk to reputation would mean there would be no complacency in the banking community about phishing.

"[Banking] business is reliant on making customers feel confident — there's no complacency in fighting fraud," Smith insisted.

Microsoft's chief security advisor, Ed Gibson, said that common-sense precautions could cut the number of successful phishing attacks.

"Both online banking and phishing losses have risen. Basic precautions such as making sure your PC receives its automatic updates, has antivirus software and a firewall are essential," said Gibson in a statement.

"Even with all sensible precautions in place, people using computers still have to operate the same level of common sense in the online world as they do in the physical world. For advice, visit the Get Safe Online website," Gibson added.

APACS collected the fraud figures through collaborating with its member banks and various online players, including software suppliers and internet service providers.

Antivirus company Kaspersky confirmed that it had seen a rise in phishing emails consistent with the APACS figures.