Gone Phishing

This week brandmanagement received three separate emails purportedly from Westpac Bank stating their system has been through some changes they require the business to re-submit its details or its bank account would be suspended.

The emails coincided nicely with a series of media reports stating Westpac’s website had gone down for half a day and that several customers had been locked out.

The problem – with what seemed like excellent customer service – was brandmanagement doesn’t bank with Westpac and this therefore was a serious attempt at phishing.

To Westpac’s credit a brief review of the bank’s website alerted us to the fact phishers were out there and using the bank’s name – Westpac said it would never ask a consumer to resubmit their details via an email.

Technically phishing occurs when a third party attempts to fraudulently acquire sensitive information, such as usernames, passwords and credit card details, by masquerading as a trustworthy entity such as a bank or building society.

The phishers then take this information and raid the accounts of the hapless customers who supply data.

The damage caused by phishing ranges from loss of access to email to substantial financial loss.

This style of identity theft is becoming more popular because of the ease some unsuspecting people divulge personal information to phishers, such as credit card numbers, social security numbers, and even mothers’ maiden names.

The problem for a banking sector keen on lowering costs and driving more people online is such activity is reduces trust in the online transaction process.

There are also fears in consumer land that identity thieves can add phished information to the knowledge they gain simply by accessing public records.

Once this information is acquired, a phisher may use a person’s details to create fake accounts in a victim’s name, ruin a victim’s credit, or even prevent victims from accessing their own accounts.

In China dragondata research has revealed this problem is partly to blame for the slow take up of non-traditional payment methods and perpetuates the long queues inside many branches nationwide.

U.S. businesses lose an estimated US$2 billion per year from recompensing customers and clients who have been victims.

In the United Kingdom losses from web banking fraud – mostly from phishing – almost doubled to £23.2m in 2005 up from £12.2m in 2004.

1 in 20 banking customer in the UK claimed to have lost out to phishing in 2005.