Consumers feel the pinch as phishers take a large bite

News by SC Staff

Consumers are losing an average of £500 a year on phishing attacks.

Consumers are losing an average of £500 a year on phishing attacks.

According to McAfee Avert Labs' new financial fraud research, the UK saw a decrease in online banking fraud in 2007 after a sharp rise in 2006. The first half of 2009 showed a 185 per cent increase compared to last year.

However the report claimed that 80 per cent of bank emails are fraudulent, and that many users will not hesitate to enter personal information. The brands attacked are primarily American and English banks, with RSA claiming that 72 per cent of attacks are carried out against American banks. Gartner estimated that the average loss per victim in the United States is US$886 (£531).

The report also claimed that auction fraud is one of the biggest concerns among authorities. A 2008 survey by Consumer WebWatch found that more than one in four New York state residents who have used an online auction had experienced a scam or deceptive practice.

Eleven per cent of users of online auction sites reported that they never received the goods they bid on, making this the most common complaint. In addition, seven per cent of survey respondents who received their goods said that they were not in usable condition.

In the case of false payments to a seller, the buyer claims to live in a foreign country and requests a bank identifier code or an international bank agency number from the seller. This often involves the sale of a vehicle that an intermediary for the buyer will pick up.

The seller's account is credited, and the car is picked up very quickly. Some time later, the payment is cancelled because the transfer was not a true transfer but, thanks to the bank identifier code, a simple cheque deposit. The cheque being insufficiently funded, stolen, or forged, the transaction is cancelled. The intermediary is often a mule.

Report author François Paget, senior malware research engineer at McAfee Avert Labs in France, claimed that nine years after the ‘I love you' virus appeared, many internet users remain vulnerable.

Paget said: “Optimists say that users are less impulsive about double clicking on email attachments and that they are beginning to be wary about unusual requests, such as a mirror site may present. This may be true, but new internet subscribers form an inexhaustible reserve of naive people.

“To reach the gullible as well as the experienced, cybercriminals are developing new attack methods and new traps. One example is clickjacking.”

Tracey Mooney, McAfee's unofficial chief cyber security ‘mum', said: “My mother was looking for a job a few months ago. Because she knows her way around the computer a bit, she was using it to find a job. The problem? She didn't realise that not all the jobs that were hitting her email inbox were from legitimate companies.

“One of those companies wanted her bank account information with her application. Luckily, I am her daughter and I was able to talk to her about phishing scams and show her how to do her homework before applying to a job she finds online."


Find this article useful?

Get more great articles like this in your inbox every lunchtime

Video and interviews