UK banks and retailers are investigating e-mail
monitoring services that could offer early warning of "phishing"
attacks by hackers attempting to trick consumers into disclosing
their online banking passwords.
Although the losses from attacks against banks including
NatWest, Lloyds and Barclays have been relatively small, concern is
growing that more sophisticated phishing attacks in the future
could cause significant losses.
Security experts said plans by Microsoft to patch a phishing
vulnerability in Internet Explorer would have little impact on the
problem, as hackers could use other equally effective techniques to
fool consumers.
E-mail monitoring firms Brightmail and Messagelabs
confirmed last week that they were holding talks with banks and
online retailers about proposals to provide an early-warning
service for phishing attacks.
"As soon as phishers start sending out e-mails we can alert the
banks, so they can start getting the phishing websites shut down,"
said Messagelabs.
Anti-virus companies have already added signatures to detect
phishing e-mails which exploit the Internet Explorer vulnerability,
but there are concerns that home users who do not keep their
anti-virus systems up-to-date may still be vulnerable.
Stuart Okin, chief security officer at Microsoft, said banks and
retailers should be educating customers to check the authenticity
of websites and e-mails.