Commentary: The move by government, law enforcement and banks to seriously tackle phishing scams is a welcome relief.
For several months, your writer had the feeling -- rightly or wrongly -- that those parties were not sufficiently concerned about a particularly nasty, costly and insidious threat to the public.
That feeling was reinforced in January when Peter Coroneos, the head of the Internet Industry Association, said banks had "not done enough" to combat the phishing problem.
However, some headway is now being made against the scams, with more to come. The announcement that specialist staff from Australia's big banks would be seconded to the Australian High-Tech Crime Centre to help tackle phishing is just one element of a more serious commitment by all concerned to stop the practice.
Federal Justice Minister, Senator Chris Ellison, highlighted that new commitment last week, telling the Seven Network's Sunrise program: "We've already had a few cases where there've been prosecutions, we've got a number of investigations which we're pursuing, and of course we'll also be embarking upon an educational campaign to alert online banking users as to this problem."
Australia's financial sector in particular has a healthy stake in the curbing of such scams. While experienced, competent computer users are unlikely to be duped into unwittingly releasing their online banking username and password to fraudsters, more naïve users may not be so guarded. That naivety is shamelessly exploited by phishing scammers, who use a range of techniques to try to convince users that their scam e-mails are genuine.
These include -- and I borrow heavily here from a paper released today by the Department of Communications, Information Technology and the Arts (DCITA) -- pretending to come from a financial institution while incorporating a credible e-mail address; copying that institution's logo and message format; and including, in many cases, links to a Web site that is a credible replica of the institution's home page.
According to DCITA, phishing e-mails "give themselves away" by purporting to require details such as Internet banking logon, credit card number or PIN.
They also try to instil a feeling of urgency by warning that your account will be closed down unless you log on, or that your account has been debited by a large sum of money and your account details are needed to confirm the charge is incorrect.
The more users who are burnt by these scams -- and the costs can be financially and personally disastrous -- the greater the damage to consumer confidence in the security of online transactions. A sharp drop-off in confidence in this area would not be welcome to financial institutions, which view online as an essential, low-cost plank of their overall service strategy. It will be interesting to see how effective this assault on phishing is in making customers feel their online banking details are safe.
NB: Several readers have come forward with their views since this commentary was originally published in ZDNet Australia's News Perspectives newsletter on Thursday last week. Here is a selection of your comments. We welcome any feedback to any of the commentary posted in ZDNet Australia's newsletters.
- "My conclusion is this: to the Australian retail banks, the personal distress caused to individual customers by electronic bank robbers stealing funds from accounts via online fraud is considered not as significant to a bank's business as responding to the unyielding pressure from industry analysts for them to drive down costs and increase revenues and profits. Migrating everybody to Internet banking is the end game." -- Ben Cardillo.
- "So, for once, I applaud the government starting a taskforce to look at this. Let's just hope this tiger has teeth".
- "Following the paper trail back to these people is an exercise in persistence, not high technology, and the sooner it becomes more pain than it is worth, the sooner it will stop".