All you need to know about... Phishing
Written by Peter Warren   

Q What is phishing?

A Phishing is the name given to the practice of sending emails at random, purporting to come from a genuine company operating on the Internet, in an attempt to trick customers of that company into disclosing information at a bogus website operated by fraudsters. These emails usually claim that it is necessary to 'update' or 'verify' your password and they urge you to click on a link from the email that takes you to the bogus website. Any information entered on the bogus website will be captured by the criminals for their own fraudulent purposes.

The term ‘phishing’ comes from the analogy that Internet scammers are using email to ‘fish’ for passwords and financial data from the sea of Internet users. The term was coined in 1996 by hackers who were stealing America Online (AOL) accounts by scamming passwords from unsuspecting AOL users (these were known as ‘phish’). The ‘ph’ spelling has its origins in phone ‘phreaking’, whereby hackers gained free phone calls by manipulating telephone exchange facilities.

Q Is phishing the same as ‘pharming’?

A No. In ‘pharming’ the unsuspecting victim is taken on the internet to a fake site without them realising it. They are then asked to confirm or supply key personal information, or a Trojan programme (see below) is secretly installed on their machine. Think of a mobile phone: you go into the address book and press the button for ‘home’. You don't need to remember the number, as it has a name associated with it which is easy to remember. That's how domain names (e.g. www.futureintelligence.co.uk) work on the internet. In pharming, customers will see the real www address in their web browser; it's just that the content will be coming from a fake server, not the real one. If you want to log on to a secure HTTPS site to do banking or shopping, you should be alerted by a warning message from the web browser that the certificate is ‘not trusted’. This is because all legitimate companies offering secure connections sign up with a reputable company that verifies their identity and says that they are trustworthy. A list of these reputable companies is stored within the web browser. The crooks shouldn't be able to get their certificate in there or get the company to certify them as being legitimate.

Q When did phishing first come to prominence in the UK?

A The first cases of phishing were detected in the UK in September 2003.

Q What is a Trojan?

A Trojans take their name from the term 'Trojan Horse' and are a type of computer virus that can be installed on your computer without you realising it.

Trojans are sometimes capable of installing a 'keystroke logger', which captures all of the keystrokes you enter into your computer keyboard.

Typically the fraudsters send out emails at random to get people to click on a link from the email. The user unknowingly visits a malicious website where weaknesses in the very popular Internet Explorer browser are exploited to install the Trojan. The emails are not normally related to Internet banking and try to dupe people into visiting, or clicking on the link to, the malicious website with a variety of excuses.

Q What are the trends in phishing attacks?

A 2005 saw the biggest rise in the number of phishing attacks since these started two years ago. In January there were 18 different attacks in the UK on banks; in September this peaked at 190 different attacks.

Q Does this mean that losses are growing ever more?

A Afraid so. Losses have grown overall from £4m in the first 6 months of 2004 to £14.5m for the same period in 2005. However, as banks track these attacks more effectively, they are fighting back against the fraudsters, and losses since mid-2005 have started to slow. But we won't have a complete picture until the end of the year.

Q Which type of customers are attacked?

A Both businesses and personal customers are attacked; in fact, fraudsters try to target businesses as much as possible. This is because businesses will often have larger funds flowing through their accounts. Losses from a business account average more than losses from a personal account. Conversely, there are fewer businesses than individuals banking online, so it is a smaller pool for fraudsters to target.

Q How can I protect myself and my business?

A Apply basic common sense to all emails you receive. If it feels wrong then it almost certainly is. If you really think your bank is trying to contact you in this way (which is unlikely!) then email or phone them first. If in any doubt, delete the email. To protect against pharming, consider changing to a browser with fewer weaknesses than Internet Explorer. Many people choose Firefox or Opera.
