Fraud Alert
Contact your local police station
Find your local police station.
Fraud Alert - Phishing
What is Phishing?
Phishing is the act of sending an email to a user falsely claiming to be an established legitimate enterprise in an attempt to scam the user into surrendering private information that will be used for identity theft. The email directs the user to visit a website where they are asked to update personal information such as password, national insurance number and bank accounting details. The email may further suggest that the information is necessary to prevent the account from being suspended.
With this information the fraudster can do a number of things that include stealing the identity of the person who provided the information in the first place to undertaking attacks on that persons bank account.
The email is sent to a large group of people, seeking out account users. The scam relies on the contents of the email request being adhered to by the account users and the details provided.
A recent survey revealed that between January 2004 and June 2004, 1.5 million phishing e-mails were sent out. More than a quarter of a million were sent in the month of June alone.
The number of active phishing sites reported in November 2004 was 1518. The average monthly growth in phishing sites from July 2004 to November 2004 is 28%.
It is worthy of note that 5% of recipients respond to spam emails. As a result of a response, a new identity is created using the details provided and fraud is committed on the new identity.
The use of the phishing medium as a money laundering tool appears to be emerging, where volumes of compromised user data is sold to crime groups who aggregate the stolen funds into centralised false accounts by a principal organiser or “dump leader”. The use of false employment websites, encouraging users to sign up and provide their banking facilities to forward money to other accounts for a 20% administration fee has also been revealed.
How the crime is committed
E-mails are created purporting to come from bank security departments were being circulated asking for username and password details in connection with Internet banking. The email invited account holders to click on a URL (Uniform Resource Locator), which generates a web page. Unsuspecting account holders account holders completed their user name and password on the web page. Unknowingly the account holder had linked into a web server run by a criminal enterprise.
Once the user name and password have been obtained the criminal logs into the on line banking system of that account and transfers money from that account into another account from which he will be able to obtain the funds.
In order to facilitate the transfers a number of people are recruited who have accounts at the same bank as the target account. The recruitment involves advertisements on Internet forums and unsolicited emails offering jobs as ‘ money processors'. Respondents to the advertisements are in receipt of 7% commission of the monies that they handle.
Once the stolen funds were received into the money processors bank account, they were given instructions to withdraw the money in cash and then to use money transfer agents and send the money to criminal organisers.
Where is the crime committed and by whom?
The crime, like the suspects and the victims may come from anywhere in the world. Recent intelligence suggests that organised crime in the former Eastern Block is taking the lead on this type of activity.
Who are the victims?
The victims of phishing at present are the banks and financial institutions that are having their customer accounts compromised. It also includes members of Internet auction sites. It is not an unrealistic assumption to consider that members of the public may be liable if they have not conducted sufficient safeguards before entering the phishing website.
Statistics show that the target institutions are English speaking with the USA, United Kingdom and Australia being the primary victims.
What do you do if you receive and e-mail from what you think is your bank?
A bank or other financial will not send e-mails to you asking you for detail such as PIN numbers, passwords or other personal data, no matter how genuine the e-mail looks.
Do not be tempted to fill out any pages and respond and if you think the e-mail is not genuine forward it on to the bank it purports to come from.