Friday, August 29, 2008

Phishing

Wikipedia defines "phishing" as "the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details, by masquerading as a trustworthy entity in an electronic communication" (see here). The most usual mechanism to achieve this is by means of fraudulent e-mails, websites or downloadable applications.

Based on what has been reported in the media, this is quite a prevalent activity, with many examples and activities. During the past month, this is a sample of the things that crossed my desk:

  • A warning published by FNB in South Africa for their customers to be aware of a phishing attempt. (see here)
  • A youngster sent to prison for seven years for phishing attacks. (see here)
  • ClearmyMail reporting that the biggest target for phishing attacks in the UK is RBS (probably because they are the biggest anyhow, or because they report this better? Anyhow, must have a lot of statistics to get to 42.7%) (read more here)
  • The UK Association for Payment Clearing Services (APACS) reports an increase of 180% in phishing attacks year on year (more here).
This is just a sample. What is interesting to me (once again) is how many instances are not reported. So why do I publish this on a mobile banking blog? Simply because so many mobile banking suppliers are deploying solutions on mobile phones with major holes for phishing attacks. It is easy to apply the same principles in a text message (re-routing to a harmful URL or downloading a Trojan application). However, if deployed correctly and making use of the unique characteristics of mobile phones, mobile banking can be designed in such a way that the channel is not prone to phishing attacks. This is the opportunity to do it right (most mobile banking industries are still in their infancy) before take-up is so big that technology decisions cannot be changed.

Yet many banks merely port their Internet banking solutions to mobile, without due consideration of the additional security that mobile can provide... such a pity. Consider speaking to the experts before you do this.
