Online banking fraud soars as fake emails trick customers

2 Oct, 2004 11:00 PM3 mins to read

1.00pm - By CHARLES ARTHUR

Hundreds of thousands of online bankers are leaving themselves open to fraud, with 4.5m pounds ($12m) stolen from 2,000 people in the UK in the past nine months.

The number of victims of scams that steal online banking details soared in the nine months to June, up from 100 in 2003. The banking group Apacs, which acts for the clearing banks, said they were the hapless targets of "phishing" emails. These are crafted to appear as though they have come from a high street bank, and lead people to websites that mimic those of the bank.

The amount of money lost by each person on average is comparable to that lost through card fraud but there is less chance of the police catching the perpetrators, who may be based in other countries.

In May, British police arrested 12 people on suspicion of acting as conduits for overseas criminals in such scams. Research commissioned by Apacs also suggests that4 per cent of 585 online users surveyed in the UK, equivalent to half a million people, said they would respond to an email that appeared to be from their bank and click on a link that asked them to re-entersecurity details.

Andrea, from Teesside, was caught out in April this year.An email that appeared to be from Barclays Bank asked her to confirm her account details "for security purposes". She said: "This [email] had 'ibank' in the subject line and seemed to come from Barclays. I was slightly suspicious: I opened up my browser and logged on to my bank website to compare it. They were identical."

The boxes where Andrea entered her details went to the scammers. "A few days later I went to a cash machine and was surprised to find £2,000 extra in my account. The next thing I knew was a phone call from Barclays who grilled me about who I was and then said, 'Do you know £6,000 has come out of your account?' No, I did not. I went into shock."

The criminals moved the money in £2,000 tranches from her savings accounts to her current account, and then to intermediary accounts. The unusual pattern of transactions triggered fraud alarms. Her money was refunded after checks. "If I had been mugged I could have done nothing," she said.

Apacs said the next wave of attacks would use "spyware" programs to invisibly detect when a computer is logging in to a bank site. Apacs has launched a website, which tells people how to use online banking safely.

- INDEPENDENT