In the past, checking your bank balance, paying bills, placing standing orders, and transferring money between your own bank accounts meant going down the bank and queuing for a cashier. Some small advances where made with the advent of telephone and mail banking services but this still meant going through lengthy automated telephone services and relying on snail mail. The advances of the internet have made these negative aspects of banking a thing of the past. At the touch of a button we can access a whole range of online services making banking easier than ever.
Likewise for the criminal element in our society robbing a bank used to mean sawn off shotguns and a lengthy heist, however its now just a matter of fooling unsuspecting victims online all from the comfort of their arm chairs, no more swag bags and balaclavas for them. What’s more the criminal activity is less targeted at the banks but more at the customers themselves.
Security in banks is now greater than ever making robbing today’s modern banks nigh on impossible and you would think the same extent of security would apply to personal banking online. Well for the most part yes, however some flaws in banks online security measures have recently been highlighted.
A concept known as “Spoofing” has recently been highlighted as a security issue of 3 major banks online banking portals. Heise Security have recently highlighted this issue although its concept has been apparent for years. Most banks have measures to prevent this process which involves a fake or spoof page being inserted onto the web sites only for unsuspecting users to enter their sensitive login information to be received by fraudsters in order to steal their identities or attempt to use their bank accounts.
The issue was highlighted in September of this year when Heise security alerted six banks that this kind of fraud was still possible on their websites. Since then Natwest, Bank of Ireland and Link all took steps to avoid these issues. More recently Cahoot, Bank of Scotland and First Direct have indicated that they are currently addressing the issue.
These risks highlighted by Heise are very slight and have not yet been successfully capitalised on by any fraudsters although it does leave food for thought on how many other vulnerabilities may also be left insecure. Unfortunately the nature of the internet and its current rate of technological development means that with every new security measure comes a work around for crooks or rather more alarmingly the reverse of that concept.
At the heart of Spoofing lies the under lying concept of “Phishing” this concept is being used by criminals more and more frequently. Internet security firm MessageLabs said it had stopped 215,643 Phishing e-mails in September of this year compared with just 279 in September 2005.
Phishing principally involves sending out fake emails that pose as the recipient’s bank. The emails often claim to be official security check emails from their banks asking for the confirmation of security details. One way to be sure you are never a victim of this kind of fraud is to remember no bank would ever ask for your sensitive security details, so never give them a way, to anyone.
Whilst the conveniences and advantages afforded by online banking are clear the risks and security issues surrounding the subject still remain at the forefront of concern. Be careful out there, if anything looks suspicious, it probably is and you should always enquire directly to your bank if you are ever in doubt.
If you ever receive an email that you think is suspicious you should never reply to it, open any attachments or click any web links embedded in it. The best course of action would be to report it either to your ISP (internet service provider) or to this organisation: http://www.antiphishing.org/crimeware.html.