The Swiss watchdog for cyber fraud has warned that perpetrators of online financial scams are using more and more refined methods to target internet users.
This content was published on August 6, 2005 - 10:30
Fraudsters have attempted to persuade unsuspecting online customers of financial institutions in particular to divulge their user names and passwords, leaving their accounts open to interference.
The rapidly expanding domain of cybercrime requires new words to be invented constantly. This form of identity theft is known as "phishing" and involves counterfeit websites and brand hijacking.
The Swiss Coordination Unit for Cybercrime Control (Cyco) handles around 500 complaints a month, mainly concerned with spam mail. Cyco has been operational since 2003 and is staffed by police officers, lawyers, internet-security experts and criminologists.
Incidents of phishing are monitored by Cyco in collaboration with the Reporting and Analysis Centre for Information Assurance at the Federal Police Office.
This form of electronic fraud bypasses the banks and targets customers directly, taking advantage of their good faith and cooperation.
Stephan Glaus of the analysis centre says the scam begins with bogus emails sent to a very wide audience.
Usually the fraudsters do not know which bank a person is using, but if they cast the web wide enough they will find potential targets.
"When you get an email that urgently requests some action on your part and asks for your username, password or credit-card details, you must treat it sceptically and not react. A reputable online company would never ask for information in this way," he explains.
Robert Shaw, an internet-strategy expert at the Geneva-based International Telecommunications Union (ITU), warns that the perpetrators of these attacks are highly organised.
"These aren’t casual individuals anymore. Criminal gangs are involved and they are the quickest adapters to new technology."
Shaw told swissinfo that the issue has become very serious. "Consumer confidence in the internet has been declining rapidly over the past 12 months because people are becoming more and more aware that it’s a bit of a Wild West out there."
Two recent phishing attacks in Switzerland involved PostFinance and eBay.
In both cases messages were received from faked sender addresses. Customers were asked to click on a link to confirm their login data.
The links in question led to convincing counterfeit copies of the real internet sites, which were in fact controlled by the fraudsters.
The language used in the phony PostFinance emails was English. But despite the unusual nature of the email, 12 PostFinance customers were taken in by the scam and their accounts were robbed. The company offered to cover the amount of its customers’ losses.
Glaus of the analysis centre says that the criminals involved are always improving their methods and that future attacks are likely to happen in Switzerland using German or French, two of the country’s official languages.
Protection against fraud
Awareness seems to be the best defence against fraud of this kind, and users should not reply to anything suspicious that appears in their inbox, Glaus advises.
"It is also important when ebanking not to click on links to access the page. Always enter the site by typing the address yourself or by using your bookmarks."
One approach to tackling the menace of internet fraud would be to do away with the anonymity that makes the web unique. Shaw believes the only way to solve these security problems is to authenticate who computer users are.
"There are security weaknesses in email because it was originally set up for a trusted environment and there is no real authentication scheme of either service providers or users on the internet. This makes it very easy to carry out anonymous activity."
Phishing is only one part of the cybercrime picture. Software designed to cheat and defraud internet users, known as spyware or crimeware, is another danger.
With these programs, surreptitious software is installed on a computer to track internet movements and record keystrokes. Experts say the presence of this technology is a good reason not to do banking on a public computer.
The Anti-Phishing Working Group, a global industry association that monitors and seeks solutions to this type of fraud, identified 472 incidents of brand hijacking in the first six months of this year.
More than 90 per cent of these were in the financial-services sector.
"Phishing" - a cross between password and fishing - is a form of online identity theft that uses technical subterfuge and consumers’ good faith to steal personal identity data and financial account credentials.
Swiss companies and websites have already been targeted by phishing attacks and the authorities expect further cases to occur.
The best defence against this type of internet fraud is vigilance and properly updated security software.