The move follows APACS-commissioned research showing that 4% of internet banking users would respond to an e-mail, supposedly from their bank, asking them to click on a link and re-enter their security details.
Such e-mails are generally scams, designed to encourage recipients to visit a spoofed web site where they are asked to reveal sensitive private information including credit card numbers, checking account information and Social Security numbers.
And these so-called phishing attacks are on the rise. A study on victims of spoofing and phishing scams, commissioned by TRUSTe, an on-line privacy non-profit organisation and also NACHA, an electronic payments association, was released last week. It revealed that 76% of US consumers are experiencing an increase in spoofing and phishing incidents and that 35% receive fake e-mails at least once a week. OUT-LAW is presenting a conference on phishing in Edinburgh in November (details below).
Despite the growth in such internet scams, the APACS research found that a quarter of the 585 surveyed conducted their on-line banking on a computer with no updated virus checker. Forty-one percent did not have an activated firewall.
Around a third of those surveyed write their passwords down, while almost one fifth of respondents admitted that someone else knew the password for their on-line bank account, leaving them susceptible to having their on-line accounts accessed fraudulently, said APACS.
According to the survey, over a half of respondents had never changed their password, while a quarter used the same password for banking as for potentially insecure non-banking web sites.
APACS has therefore set up an advice web site, banksafeonline.org.uk to explain how phishing and Trojan attacks – software that is sneaked onto a computer to carry out malicious acts or give another user remote control of the target computer – happen and what steps consumers and SMEs can take to combat these scams.
"Although computer users seem to be getting wise to spam scams like phishing and Trojans – which can be best avoided by treating unsolicited e-mails with caution – we'd like to see even greater improvement," said Sandra Quinn, APACS' Director of Corporate Communications on Friday.
"With 14 million people banking on-line in the UK – the 4% who say they would respond to a scam e-mail allegedly from their bank is still too high and they could unwittingly be giving fraudsters access to their accounts. The new web site we are launching today sets out the simple steps you need to take and will hopefully encourage anyone who hasn't thought about protecting themselves before to start doing so now."
