HSBC, Natwest and CitiBank top three phishing targets

By Isabelle Chaize

HSBC, Natwest and CitiBank were the brands most targeted by phishers last month.

That’s according to a report on internet security by McAfee’s AVERT labs that also investigated the most popular methods of phishing and the most common types of malware.

It found that 40% of phishing scams were targeted at HSBC, followed by CitiBank which was attacked by 38%, and Natwest in third place with 16%.

McAfee said that with better technology enabling financial institutions to defend themselves more against threats, phishers have been moving more towards smaller organisations.

The most popular phishing scam last month involved tax notifications, and in second place was a notification from a billing department. Other commonly used scams besides HSBC and Natwest phishes was the ‘please confirm your data’ scam.

Cyber criminals have two options when trying to make money, according to Greg Day, a McAfee security analyst. One is via automation, which requires technical expertise on the part of the attacker, and the other is what he called ‘human hacking’ or social engineering.

He said of social engineering that ‘rather than me knowing how to break into Windows or listen to your web browser and steal information, its almost like me walking up to you on the high street saying hi, I’m from HSBC, can I have your pin code?’

CitiBank have yet to comment on the report, but HSBC made a statement saying ‘we will review the McAfee report because we take this issue extremely seriously as we do all issues of security, particularly as it relates to direct attacks on our customers. We invest considerably in securing our offerings to our customers and like most major global banks will never send an email asking them to provide security details.’

Natwest also commented, saying ‘phishing is an industry wide issue which affects all banks and financial institutions. NatWest has an excellent track record of protecting our customers’ accounts. We have developed and put in place significant security processes and resources to protect against precisely this type of threat. NatWest continues to take fraud extremely seriously and has taken considerable steps over the past few years to warn customers against responding to phishing e-mails, and continues to clearly advise that we will never ask customers to provide us with this type of personal information by e-mail.’