UK banks and retailers are investigating e-mail monitoring
services that could offer early warning of "phishing" attacks by
hackers attempting to trick consumers into disclosing their online
banking passwords.
Although the losses from attacks against Lloyds, Barclays and other
banks have been small, concern is growing that more sophisticated
phishing attacks in the future could cause significant
losses.
Security experts said plans by Microsoft to patch a phishing
vulnerability in Internet Explorer would have little impact on the
problem, as hackers could use other equally effective techniques to
fool consumers.
E-mail monitoring firms Brightmail and Messagelabs confirmed this
week that they were holding talks with banks and online retailers
about proposals to provide an early-warning service for phishing
attacks.
"As soon as phishers start sending out e-mails we can alert the
banks, so they can start getting the phishing websites shut down,"
said Messagelabs.
Anti-virus companies have already added signatures to detect
phishing e-mails which exploit the Internet Explorer vulnerability,
but there are concerns that home users who do not keep their
anti-virus systems up-to-date may still be vulnerable.
Stuart Okin, chief security officer at Microsoft, said banks and
retailers should be educating customers to check the authenticity
of websites and e-mails.