Apacs warns over phishing increase

The Association for Payment Clearing Services (Apacs) has warned phishing attacks in the UK are on the increase.

Phishing has become far more frequent in recent months, with the latest Apacs data showing more than 10,000 phishing incidents were recorded in the first quarter of 2008 – up over 200 per cent from the same period last year.

Some 10,235 incidents were reported during the first three months of this year, compared to 25,797 in 2007 as a whole.

Phishing is the name given to emails claiming to be from an individual's bank, soliciting information, but are actually sent by fraudsters.

Such emails typically urge account holders to click on a link that takes them to a fake website, identical to the one you would expect to see, where customers are then asked to verify or update personal security information.

In doing so, however, the phishing victim is actually giving information to the fraudster who has created the fake website.

Although online banking fraud losses decreased by a third from £33.5 million in 2006 to £22.6 million in 2007, the fraudsters are still having some success in duping customers with phishing emails.

As a result the industry is keen to remind customers to remain on their guard to these scams.

"Although online banking fraud losses fell last year the fraudsters clearly aren't giving up," said Sandra Quinn, director of communications at Apacs.

"Phishing scams are continuing to rise and they are becoming ever more sophisticated, which is why we want to remind people to remain wise to them.

"The advice is quite simple: just remember that your bank will never send you emails asking you to disclose PIN numbers, login details or complete passwords – if you receive an email of this nature you should delete it."

In order to avoid becoming a phishing victim, Apacs offers the following advice:

• Always be suspicious of unsolicited emails that claim to be from your bank; delete any phishing emails that you receive.
• Never give your login details, PINs or passwords in full by email – banks will never request these in this way.
• Always access your internet bank account by typing your bank's address into your web browser.
• Ensure there is a locked padlock or unbroken key in the bottom right of your browser window when accessing your bank's website. The beginning of the bank's internet address will also change from 'http' to 'https' when a secure connection is made.
• Make sure home PCs are equipped with up-to-date security and virus protection.
• Take extra care when using an internet cafe or public computer for online banking.

"If you think your details have been compromised you should contact your bank immediately," concluded Ms Quinn.