Friday 18th May 2012

Posts Tagged ‘phishing’

Phishing and Online Fraud On The Increase

Monday, March 15th, 2010

Despite all the warnings regarding bogus emails and how every computer user should ensure that their system is protected by up-to-date anti-virus software, phishing is on the increase, as is online fraud.

Figures from The UK Cards Association, which represents UK credit card and debit card providers, show that phishing attacks rose to 51,000 reported incidents, up 16%, and online fraud ticked up to £60 million, up 14%.

This was against a backdrop of far better overall fraud figures. The level of fraud on debit and credit cards dropped by £170 million to £440.3 million, a fall of more than 25%. Counterfeit card fraud dropped like a stone (over half) and the old-fashioned cheque suffered less, being defrauded out of £29.8 million compared to £41.9 million, a drop of 29%.

But the industry is worried that despite the overall progress made, phishing continues to rise and online fraud seems similarly unabated.

Phishing is a particularly odious crime which relies on bogus emails with false ‘calls to action’ that are very clever at getting people either to transfer money or to reveal their personal details, which then often leads to an attack on their bank accounts.

And this despite the fact that people are continually warned not to be gullible on the receipt of such emails. There are simple rules to remember, such as there is no such thing as a free lunch (if someone offers you millions of pounds via an email, then it’s a dead certainty that it’s too good to be true) and never, ever give out any personal details (and especially not usernames, or passwords) in an email. Remember, any credible organisation will not ask for such information. Consign all such emails to the bin.

Things should improve though, say computer security industry experts, because anti-phishing software is now helping people to spot the fabricated emails.

The unfortunate rise in online banking losses is evidence that many still do not run an up-to-date and properly conceived anti-virus and internet security software suite. And as the financial institutions continue to protect themselves with very expensive and sophisticated security systems, the hackers’ only other target is the consumers themselves.

Experts warn that surfing, emailing and downloading files require a constantly updated computer security suite installed on the computer. Without this, it is only a matter of time before malware can penetrate a computer and do its evil deeds.

Guest Article by Neil Camp


Gmail and Hotmail Targeted in Phishing Scheme

Monday, October 19th, 2009

Reports from the BBC suggest that Google’s Gmail and Microsoft’s Hotmail have been under siege from phishing attacks which have targeted thousands of service users in an industry-wide scheme.

Both Google and Microsoft have moved to stem any damage. Users of Yahoo and AOL email services were also hit.

The BBC stated that they were shown two lists which contained the names and passwords of 30,000 people who use Gmail, Hotmail, Yahoo and AOL email services. The lists were said to have been posted on the web for anyone to access.

Google told the BBC that only 500 of its customers had been named, although it said a third list was in existence, but declined to give numbers.

A Google spokesperson said:
“We recently became aware of an industry-wide phishing scheme through which hackers gained user credentials for web-based mail accounts including Gmail accounts.

“As soon as we learned of the attack, we forced password resets on the affected accounts. We will continue to force password resets on additional accounts when we become aware of them.”

Google appeared keen to highlight that the scheme did not actually breach Gmail security, but involved a none too uncommon scam which persuaded people to give away their personal information to cyber criminals.

A phishing scheme is one which usually involves bogus emails, purporting to be from a bona fide organisation, which invite recipients to send back their personal details, log-in usernames and secure passwords. And despite frequent warnings from the organisations themselves and computer security experts not to give away personal details to anyone, phishing attacks remain very successful in their simplicity and ruthlessness. Most are based on a good copy of a bona fide email and most introduce an element of bullying into their message: act now, or your account will be closed down.

This particular scheme started when 10,000 Hotmail addresses were posted online at Pastebin, a website mostly used by developers to share code. But that was just the start, with a further 20,000 names being uploaded which contained e-mail addresses and passwords from Hotmail, Yahoo, AOL, Gmail and other service providers.

Although some of the details were old, or indeed fake, many were genuine.

A Microsoft spokesperson said:
“Our guidance to customers is to exercise extreme caution when opening unsolicited attachments and links from both known and unknown sources, and that they install and regularly update their anti-virus software.”

A person from Yahoo reiterated the rest, urging its customers to “…take measures to secure their accounts whenever possible, including changing their passwords…”

Computer security industry experts called for the providers to do more to educate their customers as regards the dangers of such phishing attacks.

Guest Article by Neil Camp


Clampi Virus Targets Online Banking

Thursday, September 24th, 2009

A new virus is in town and this time it’s got a specific target: online banking customers. Known as the Clampi virus, it represents a major threat to those that bank via the internet.

The Clampi virus is what’s known as a Trojan, mainly because of its ability to secretly penetrate a computer, wait patiently until needed, then report back to its creator, or indeed, take instructions from its creator.

And the cyber criminals behind the Clampi virus have one objective in mind: to steal personal details from a computer.

It is spreading rapidly through the US and UK, infecting computers and then waiting until the time is right to strike. When the user of the computer logs into their bank account for example, the Clampi virus makes a note of the username, password and other pertinent details, which are then sent back to the hackers.

These details are then used by the hackers to enter financial sites and either transfer money, change account details, or set-up frauds.

It is believed that people behind the Clampi virus monitor in the region of 5,000 financial websites and amongst these are most of the UK high street banks. But it’s not just banks; sites run by mortgage lenders, online casinos, shopping operations and email providers are also targeted.

In the US the Clampi virus has already been responsible for thefts of thousands of dollars and it’s been reported that many schools and businesses have been affected.

The Clampi virus is not new, having been around since 2005, but computer security experts think that this is a new, more virulent strain and poses a major threat to online banking. And they believe it attacks in waves, the UK banks being a major target.

They are unsure as to the true extent of the damage caused in the UK, especially given the covert nature of Clampi’s operation, but think that over 1,000 computers have already been affected. And those running Microsoft Windows operating systems seem to be more vulnerable than most.

And the computer security experts are warning again that people should remain vigilant at all times, reiterating the fact that such viruses are usually distributed embedded in emails, website downloads and instant messages, as attachments and links. They urge everyone not to open links, or attachments, from sources they cannot trust.

What’s more, they remind computer users that they should never send emails, or surf the web, without an up-to-date anti-virus software application on their machines.

Guest Article by Neil Camp

 


Cybercriminals Go Phishing with Sony Ericsson Name

Thursday, September 10th, 2009

Mobile phone giant Sony Ericsson have been forced to issue a press release after their name has been illegally used in a number of spam and phishing attacks.

The terse announcement states that the Company is aware that: “…a series of unsolicited emails have been sent to members of the general public from an email address that appears to bear the name ‘Sony Ericsson’ and which tells that the recipient has won a sum of money in a competition and requests that certain personal data be confirmed.”

Another version of the hoax is an email which says that Sony Ericsson will give away a free laptop to users who forward promotional information. It includes not only a photograph of the Sony Ericsson logo, but also a ‘company’ contact name and number (both bogus). The Company points out that all its competitions and promotions are organised through official channels, including their own and partner websites.

A Sony Ericsson spokesperson warned:

“Please be wary of any competition or promotion that appears to come from outside of Sony Ericsson or Sony Ericsson’s partners’ official channels. Examples of these include via spam emails or SMS. Please do not reply to or forward the email if you receive it.”

Sony Ericsson go on to apologise for these emails, which they believe are solely for the fraudulent gathering of personal information, and hope that too much inconvenience has not been caused.

The Company ask that anyone affected by such attacks should contact them via an email: questions.gb@support.sonyericsson.com

This is just one of millions of such attacks which are known as phishing, and the simple idea behind them is that cybercriminals will send out millions of hoax emails (many sent unknowingly via ‘zombie’ computers) which use company logos, addresses and phone numbers to lend them some degree of authenticity. To the practised, or indeed jaded, eye they are quite easy to spot. Poor quality reproduction of the logo and layout of the company identity; incorrect English with spelling and grammatical mistakes; and a bullying message (‘…send back personal information or we cut your service…’) are all dead give-aways that the email is a hoax. In short, advise computer security experts, if the recipient has any doubts, then never reply.

Guest Article by Neil Camp


Scareware Increases

Wednesday, August 12th, 2009

Cyber criminals are increasingly using scareware programmes to ‘extort’ money out of unsuspecting computer users.

Scareware programmes, such as the widespread Internet Antivirus Pro family, load code onto people’s computers which displays false messages on their screens stating that a virus has been found and that, for a fee, it will be removed. Of course, no such virus exists. The product presents itself as legitimate and usually contains other lines of malicious code, often including a password stealer. This tracks where people surf and steals log-in information.

It’s been estimated by The Anti-Phishing Working Group that such attacks have increased by 225%, equating to over 9,000 bogus antivirus programmes currently out there in circulation.

The US Government has reacted to such attacks by trying to shut down companies which write and distribute scareware.

Guest Article by Neil Camp


The Editor

My name is Alan Potts and I'm the Editor of the Antivirus-BUYability web site and Managing Director of BUYability Limited.