Bank Systems & Technology is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


02:40 PM
Nancy Feig
Nancy Feig
Connect Directly

Phishing for Bank Accounts Reels in Big Bucks

By Nancy Feig Today, Symantec revealed findings about the rewards phishers are reeling in for personal information phished from consumers.

By Nancy Feig

Today, Symantec revealed findings about the rewards phishers are reeling in for personal information phished from consumers.According to the security vendor, bank account details bait the biggest rewards, at up to $400. IDG News Service also reported that:

Credit card details sell for between 50 cents and $5, e-mail passwords for $1 to $350 each, and e-mail addresses from $2 to $4 per megabyte.

The report points to the commercialization and even "professionalism" of today's cyber criminals. Phishing toolkits, which can be purchased to aid these criminals, accounted for 42 percent of all phishing attacks during the first six months of 2007.

These phishers continue to capitalize on vulnerabilities in Web sites trusted most by consumers, including banks, social networking sites and job search engines. The criminals use the "scripts" provided in the toolkits to set up phishing Web sites that mimic legitimate Web sites, according to Symantec.

These social networking sites are particulary vulnerable to phishing because users tend to highly trust the sites and their security measures.

I have to tell you, I honestly used to wonder how people could fall for phishing scams, but I can tell you first hand that they are getting harder to detect. Almost everyone I know has been a victim of phishing on Myspace, the most popular social networking site. It amazes me that Myspace has not found a way to prevent these attacks or at least sent out some type of alert to its users.

I quick google search yields plenty of instructional sites on how to hack into a myspace account. There's even a YouTube video with instructions. I wonder where all of those stolen passwords are going. One organization hacked their way into the Web sites of several HSBC employees to steal their passwords, which are likely their work passwords as well. This is some scary stuff.

Banks need to be aware of the many channels criminals are to steal people's identity and money. Open dialogue with the social networking sites might be one place to start.

Register for Bank Systems & Technology Newsletters
Bank Systems & Technology Radio
Archived Audio Interviews
Join Bank Systems & Technology Associate Editor Bryan Yurcan, and guests Karen Massey and Jerry Silva from IDC Financial Insights, for a conversation about the firm's 11th annual FinTech rankings.