UK bankers show 44% rise in online theft

Posted by   Virus Bulletin on   Mar 14, 2007

APACS study records major increase in phishing fraud earnings.

UK banking payments body APACS has released its latest figures for credit card and other types of banking fraud, showing a sizeable drop in straight card fraud but a similarly large rise in funds stolen via phished online banking details. The figures compared reports for 2006 to those received in 2005.

Standard credit card fraud taking place at the point of sale in UK retailers fell by 47%, thanks mostly to the introduction of 'chip-and-pin' systems to replace signature-based authentication. A jump in card scamming abroad, with signatures still the main form of identification, brought the total back up but there was still an overall decrease of 3%. Cheque fraud was also down, by 24%, in line with a general decline in cheque usage.

Online fraud, however, went up by a massive 44%, with £33.5 million scammed from online bank accounts. This compares to £23.2 Million in 2005 and just £12.2 million in 2004. Phishing 'incidents' are recorded at 14,156, also a huge rise from the 1,713 reported the previous year. No distinction is made in the report between banking details obtained via spammed links to spoofed banking sites and login information stolen by spyware.

'These figures reflect a worrying trend which is hitting banks and their customers worldwide,' said John Hawes, Technical Consultant at Virus Bulletin. 'The phishing problem is growing in scale and sophistication, with technical advances and new social engineering techniques spotted almost daily. The banks need to shoulder some of the responsibility for this, and ensure their online systems are as secure as possible, but users will always be a weak link in the chain and need to exercise caution when carrying out financial transactions across the web, particularly avoiding responding to unexpected emails requesting personal information.'

The report from APACS is available here.

Coinciding with these fraud figures, security measures in UK banks have come under fire in a report from the Information Commissioner's Office (ICO), which criticises several major banks for disposing of sensitive customer data in an insecure manner. Its report, naming 11 banks found to have dumped paperwork with personal information in freely-accessible waste bins, can be found here (PDF format). A list of the banks, and links to their signed undertakings to improve disposal methods, is here.

Posted on 14 March 2007 by Virus Bulletin

 Tags

twitter.png
fb.png
linkedin.png
hackernews.png
reddit.png

 

Latest posts:

In memoriam: Prof. Ross Anderson

We were very sorry to learn of the passing of Professor Ross Anderson a few days ago.

In memoriam: Dr Alan Solomon

We were very sorry to learn of the passing of industry pioneer Dr Alan Solomon earlier this week.

New paper: Nexus Android banking botnet – compromising C&C panels and dissecting mobile AppInjects

In a new paper, researchers Aditya K Sood and Rohit Bansal provide details of a security vulnerability in the Nexus Android botnet C&C panel that was exploited in order to gather threat intelligence, and present a model of mobile AppInjects.

New paper: Collector-stealer: a Russian origin credential and information extractor

In a new paper, F5 researchers Aditya K Sood and Rohit Chaturvedi present a 360 analysis of Collector-stealer, a Russian-origin credential and information extractor.

VB2021 localhost videos available on YouTube

VB has made all VB2021 localhost presentations available on the VB YouTube channel, so you can now watch - and share - any part of the conference freely and without registration.

We have placed cookies on your device in order to improve the functionality of this site, as outlined in our cookies policy. However, you may delete and block all cookies from this site and your use of the site will be unaffected. By continuing to browse this site, you are agreeing to Virus Bulletin's use of data as outlined in our privacy policy.