Beware of rising spam bank fraud

Instances of what has been termed 'brand spoofing', in which fraudsters send spam emails purporting to be from a bank in order to lure its customers to phoney bank websites and steal their bank details, will continue to rise unless organisations take extra security measures, according to filtering software company SurfControl.

Charles Heunemann, Australian MD of SurfControl, says occurrences of brand spoofing have sprouted from zero to over five a month in just three months.

A recent example was the case involving the Commonwealth Bank's NetBank service. A spam email was sent out directing recipients to a very convincing imitation of the NetBank website, which carried a message that read: "Dear Valued Customer, Our new security system will help you to avoid fraudulent transactions and keep your investments safe." The site then prompted the customer to "reactivate" a bank account by logging in with the bank account number and password.

Heunemann believes the increase in this dangerous new type of spam is linked to the growth in availability of open proxy servers that allow spammers to send virtually untraceable, anonymous emails. Research conducted at the University of Oregon Computing Centre found that the number of open proxies grew from 1000 in October 2002 to 100,000 in April 2003.

"Internet outlaws and conmen are often on the cutting edge of technology – using every trick in the book to find ways to hide their identity and avoid detection," says Heunemann.

SurfControl advises companies to notify their customers and employees that any email asking for personal information, such as a username, password or credit card number, is suspicious and should be reported immediately to the security contact at the company. There is no legitimate reason for any website to ask for email verification or the updating of confidential information via email.
