Welcome to the SecAware blog

I spy with my beady eye ...

14 Dec 2006

Phishing up 8,000% but stay calm

The Beeb is reporting that the FSA, the UK Financial Services Authority, says phishing has increased "8,000% over the past two years" (that's x80 for those of us who are numerically challenged - me included) but apparently, according to APACS, the UK's financial services industry body, it's OK and we're not to worry because there are still rather few incidents.

I'm reminded of the story of a prizewinner being offered the choice between taking $1m today or taking 1 cent today, two cents tomorrow, four cents the day after and so on every day for a month. Which would you choose? Now do your sums and see if you chose wisely. [And no, I'm not getting into arguments about NPV, the risk of the prizegiver defaulting or the investment income you can make during the month.]

The APACS spokesman reportedly "said just because a bank had been targeted, did not mean its security systems were worse than its competitors." [That's true. But still I have to ask why the phishers are so actively targeting that one British bank - is it their brand value, I wonder, or are the phishers locked in a cat-and-mouse game with the bank's security team? Most of all, which one is it?] "'There is no evidence that one bank is any worse or any better-off than another,' he told the [Lords science and technology] committee." [Oh, that's alright then: they are all equally bad!] "He also rejected a call for banks to routinely inform customers of security breaches involving their details, such as when a bank employee's laptop was stolen. He said banks did not want to cause undue alarm to customers, as had been in the case in some US states, where customers were constantly given such information." [Alarm? Alarm? Who would have thought, eh, that being told by your bank that they have suffered a security compromise and disclosed your supposedly private and personal information to either some spotty geek or The Criminal Underworld is in any way 'alarming'? Stories of an upsurge in shoe sales so Brits can stash their wads under the bed are mere conjecture of course.]

My favourite quote of all comes from Philip Robinson, the FSA's head of financial crime, who said he believed internet banking was generally "safe". Now any fans of The Hitchhiker's Guide to the Galaxy will be familiar with the proposed update to the entry in Encyclopaedia Galactica for Earth: "Earth - mostly harmless". "Generally safe": isn't that a bit like being "almost dead" or "nearly pregnant"?
