Phishing on the rise

Phishing attacks are on the rise and an increasing number of customers are falling prey to fraudsters, say local banks.

While the big-name banks declined to release specific statistics on phishing attempts, they have confirmed online banking customers face increased attacks from fraudsters.

Phishing is a scam where clients receive e-mails which claim to come from a financial institution. It requests a client to confirm his or her login credentials by redirecting them to a “phishing” Web site, which is designed to look like the official Web site of the institution. All details entered on these Web sites are immediately passed on to the fraudsters and used to gain access to banking accounts.

First National Bank (FNB) recently released a statement to its online banking customers warning that phishing is on the rise, saying: “There has been a significant increase in the number of phishing attempts whereby fraudsters attempt to obtain customers' personal banking and other confidential information.”

Absa, Nedbank and Standard Bank have also confirmed increases in phishing attempts on online banking customers. Lee Albertyn, head of Virtual Networks at Nedbank, states: “Online identity theft relating to phishing and keystroke logging remains a real threat. There has been an increase of such phishing schemes online through spam e-mail or pop-up windows.”

Ross Linstrom, personal and business banking media relations officer at Standard Bank, notes: “We can confirm there has been an increase in the number of phishing attempts, and we urge customers to remain vigilant.”

All the big-name banks state the biggest reason for the increase is customers' failure to heed warnings, saying they would never send out e-mails requesting them to enter personal details online.

According to Steve Higgins, head of corporate communications at FNB, the increase is “cyclical”. He says the increase could be as a result of a resurgence of crime syndicates. Higgins explains that banks often experience a period in the year when phishing incidents decrease as police crackdown efforts on syndicates increase. Following the quiet period, the number of fraud incidents surge again as syndicates re-organise, he adds.

For Absa, the increase in attacks is directly related to increases in the number of online banking users. “Millions of South Africans are now enjoying the convenience of banking online and as the channel has grown in popularity, so have the number of identity theft attempts by fraudsters trying to trick clients into divulging sensitive information like PIN numbers and passwords.”

Christo Vrey, managing executive of Absa digital channels, says successful phishing attempts are not a reflection of poor security measures by banks.

“It is important to remember that no bank will ever send you an e-mail asking you to click on a hyperlink to confirm or update your login details. Typically, Internet banking systems are secure. The only way for online fraudsters to operate is to convince customers to divulge personal information.”

Higgins notes that customers continue to fall prey to phishing attempts - despite repeated warnings from banks.

Vrey points out that customers need to adopt a tough, vigilant approach to phishing attempts, saying: “In the same way in which one is responsible for their physical security, like locking one's front door for instance, it is the customers' responsibility to ensure their online security by not divulging sensitive personal and banking information.”