APACS, the UK payments association, said today that 'almost 1 in 3 people don’t have any anti-spyware software on their computer' as it discussed the increasing numbers of phishing attacks in the UK and reminded consumers of the tips to help them avoid falling victim to such crimes. According to APACS, 'phishing has become far more frequent in recent months with the latest APACS data showing more than 10,000 reported phishing incidents in the first quarter of 2008 – up over 200 per cent from the same period last year.' READ MORE

Michael Barrett, PayPal's Chief Information Security Officer, blogs about the progress PayPal has made in dealing with phishing attacks - and shares a paper titled 'A Practical Approach to Managing Phishing' that Michael wrote with his colleague Dan Levy and presented today at the RSA Conference in San Francisco. The secret? There's no one 'silver bullet' - but a multi-layered strategy has made a significant difference for PayPal.

Gartner has announced results from a survey of online US adults finding that $3.2 billion was lost in 2007 from phishing attacks with 3.6 million adults having been affected. According to Gartner, "thieves are increasingly stealing debit card and other bank account credentials to rob accounts — targeting areas where fraud detection is weaker than it is with credit card accounts."

Consumer Reports has announced results from its latest "State of the Net" survey concluding that one million U.S. consumers lost more than $7 billion over the last two years to viruses, spyware, and phishing schemes and that consumers face a 1 in 4 chance of succumbing to an online threat and becoming a "cybervictim."

Jeremy Kirk reports for Network World that PayPal is working on persuading email providers to block email messages appearing to come from PayPal that don't contain digital signatures - in an effort to try to reduce phishing attacks.

Cyveillance has announced availability of a report titled “Online Financial Fraud and Identity Theft” (PDF) that highlights the growth of Internet attacks and identifies the industries most at risk.

The Anti-Phishing Working Group (APWG), American Bankers Association (ABA) and the Financial Services Technology Consortium (FSTC) have announced joint sponsorship of the inaugural Counter-eCrime Operations Summit (CeCOS), "a conference for counter-ecrime stakeholders focusing on the management of electronic crime events and the work of the professionals charged with engaging these increasingly threatening and costly incidents."

In the latest issue of Computerworld, Jaikumar Vijayan interviews Michael Barrett, PayPal's chief information security officer, about how he deals with PayPal's most significant security challenge: phishing attacks. "While we have a great deal of grudging respect for the intelligence and determination of our adversaries, we ultimately want to see them in handcuffs and orange jumpsuits," Barrett says.

Earlier in December, the UK's House of Lords Science and Technology Committee, as part of their investigations into personal Internet security, heard evidence from representatives of APACS, VISA and the FSA. eGov Monitor reports that story - saying that "the witnesses were pressed on what mechanisms the financial industry in the UK had put in place to protect people using online banking and other online financial services." A transcript (PDF) of the oral evidence presented is available online.

VeriSign has announced a suite of new Digital Brand and Fraud Protection services designed to "help organizations detect, prioritize and rapidly respond to suspicious activities on Web sites, blogs, online user communities, and other sources that can damage brand equity and consumer confidence."

Gartner reports that, while ecommerce sales have experienced consistent growth, "recent security breaches (online and offline) are having a significant impact on buying patterns of U.S. adults. Due to consumer’s concerns about the security of the Internet, nearly $2 billion in U.S. e-commerce sales will be lost in 2006," according to Gartner.

Retailers and charities aren't the only ones expecting to benefit from the upcoming holiday shopping season.
With the average shopper expected to spend nearly $800 this year on holiday merchandise, according to the National Retail Federation, thieves are also looking to cash in on the season. Besides stealing money and objects, identity theft is gaining popularity among criminals.

Wells Fargo has announced several upgrades to its online security platform "designed to give customers and businesses even more protection in the fight against Internet fraud."

Joris Evers reports for CNET News.com that Yahoo! is testing a new "sign-in seal" security feature intended to help prevent phishing attacks from being successful. According to Yahoo!, a "sign-in seal is a secret message or photo that Yahoo! will display on this computer only." The seal, customized by the user can be text-based or an image uploaded by the user. If the user doesn't see their customized sign-in seal on a Yahoo! web site, then it's not a genuine Yahoo! site.

RSA Security has announced that its technology currently protects more than 20 million registered users with its live online banking authentication technology and that it has signed agreements with -- and begun implementations at -- major financial institutions representing approximately an additional 40 million online bankers. RSA also announced the launch of the RSA Adaptive Authentication 5.8 solution integrating RSA Security and legacy Cyota and PassMark technologies. According to RSA, "the new version also comprises a wide range of deployment plans, including a rapid deployment option that is designed to enable the implementation of a fully-operational account protection system in less than 30 days -- with no integration work or code changes required."

Barclays has announced it is launching a "new online anti-fraud initiative and becoming the first bank to offer free anti-virus software to its customers. Customers will also be offered an innovative text message service notifying them of new payees on their online account, helping to cut occurrences of fraud attacks."

RSA Security has announced that it has acquired PassMark Security, a privately held company based in Menlo Park, that "delivers robust software-based authentication to millions of users worldwide, through some of the largest consumer-facing financial institutions."

The Anti-Phishing Working Group is holding its Spring General Meeting next Tuesday, April 18, in Chicago. The focus of this meeting will be on eCrime: next-generation phishing, crimeware and email authentication. The meeting agenda is available online.

Australia-based Fraud Management Technologies has announced FraudAlert, a new software or hosted solution designed to reduce the rate of increasingly sophisticated online fraud while protecting the convenience and ease of use of online banking and retailing.

Rich Miller posts on the Netcraft weblog that phishing e-mails sent yesterday targeting customers of Chase Bank and eBay were directed to sites hosted on IP addresses assigned to The China Construction Bank (CCB) Shanghai Branch. "This is the first instance we have seen of one bank's infrastructure being used to attack another institution," he says.

Phishing is already passé among global cybercriminals - according to Tom Zeller Jr.'s article "Cyberthieves Silently Copy as You Type" in Monday's New York Times.

Bruce Schneier recently linked to this detailed analysis of a recent Verified by Visa phishing attack. As he said, it's a great example of how the sophistication of these attacks is ever-increasing. This particular attack combined several features -- all designed to improve the chances of enticing a cardholder to hand over important card information.

Gregg Keizer reports for Information Week on Charles Schwab's announcement yesterday that the online broker will provide a guarantee against any and all losses from unauthorized account access. Called the Schwab Security Guarantee, it is an effort intended to help calm customer concerns about phishing and identity theft.

Joseph Pellicciotti reports for the Northwest Indiana Times on a new presentation available online from the FDIC. Titled "Don't Be an On-line Victim: How to Guard Against Internet Thieves and Electronic Scams", the presentation is designed to educate consumers about the steps they can take to protect themselves from identity theft and what they can do if they've become victims.

Melissa Campbell writes for the Alaska Journal of Commerce about online banking, phishing and the protection of personal information.

Bank of America has announced that it made available SiteKey, an online banking security feature that helps prevent fraud and identity theft, to bank customers in the Northeast in December.

The World Wide Web Consortium (W3C) has announced a new workshop "Toward a More Secure Web -- W3C Workshop on Transparency and Usability of Web Authentication" to be held at Citigroup in New York City in March 2006.

Bank of America and EarthLink have announced a new toolbar intended to help protect consumers from fraud and identity theft.

Korea.net reports on action being taken by the government in South Korea "to oblige financial institutions to compensate consumers for virtually all financial losses from hackers' intrusions into online financial accounts and personal data starting September next year. "

RSA Security has announced entering into a definitive agreement to acquire Cyota, Inc. for total consideration of $145 million.