Banking officials and computer security experts predicted on Monday the wave of cyber scams targeting the financial services sector will soar in 2004 as the industry braces for a new onslaught of fraud schemes.
The gloomy prediction comes amid a string of e-mail and Web site spoofing scams preying on banking customers.
Police call the relatively new phenomenon "phishing," so named because fraudsters try to lure unwitting customers into divulging their bank details.
In the past few months, a rash of e-mails posing as correspondence from some of the world's biggest banks have flowed into various e-mail in-boxes. The scams have been reported in Britain, the United States and Australia, to name a few.
"We see phishing as just the toe in the water,"
Said a security expert for one of the UK's largest banks who spoke on condition of anonymity at a summit in London dedicated to security matters in the financial services industry.
"It's like credit card fraud. Phishing is not big yet. But it will be."
Banks, desperate to protect their reputation and preserve a fast-growing segment of their business, consider online fraud schemes a top security issue.
"The level of concern among our customers about the risk is certainly on the increase,"
Said Nick Sears, vice president of sales for Finjan Software, a California-based security firm that counts some large banks as its customers.
British banks have been particularly hard hit this fall with more than a half-dozen firms, including Barclays Plc, Lloyds TSB and NatWest, posting warnings to customers that they have been the target of fraudsters.
At the summit on Monday, industry officials sounded a sobering note that technological advances will do little to halt the crime wave.
Police blame the crime wave on organized crime syndicates based in Eastern Europe and other regions where law enforcement is ill-equipped to investigate the cases.
Meanwhile, the industry has been scrambling to find a fix of its own. One suggestion is the creation of a "dot-bank" Web domain that would be distributed solely to financial services companies.
A main problem, law enforcement officials say, is that fraudsters can easily acquire a dot-com Web site address that looks like an authentic business Web address.
In one version of the scam, bank customers are sent an email directing them to a site that appears to be affiliated to the bank where they are instructed to update their bank details by supplying various forms of personal identification.
"A dot-bank domain wouldn't stop it, but it would certainly narrow down the spoofing opportunity.",
Said Lee Fisher, solutions architect for McAfee Security.
|
|
Reader Comments: 0
