The UK is now established as the second-biggest target area for phishing attacks on banks, figures from security firm RSA show.
An analysis of reports to RSA’s Anti-Fraud Command Centre for October shows that UK financial institutions make up a 16% share of those attacked worldwide, second only to the US, which has a 60% share. The UK has held second place for nine months running.
But the UK is not a major host of phishing attacks, with just 3% of attacks worldwide originating here. The US hosted 47% of attacks logged in October, with China second on 22%.
RSA also warned that phishers have now begun to use Internationalised Domain Names (IDNs), which can be used to produce an effective spoof of a genuine bank website.
IDNs are domain names or web addresses that use local language characters, such as Cyrillic. This means a fraudster can use characters in one language to construct a URL that looks exactly like another.
RSA warned: “For example, Unicode character U+0430, Cyrillic small letter a (“a”), can look identical to Unicode character U+0061, Latin small letter a, (“a”) which is the lowercase “a” used in English. Therefore, a spoofed phishing domain which is based on an IDN can look exactly like a genuine bank’s domain written in standard ASCII code.”
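The lookalike substitution RSA describes can be detected mechanically. The Python sketch below is an added example, not code from RSA or the original article: it reports a domain's ASCII (punycode) form, flags labels that mix scripts, and compares a "skeleton" of the name against a watchlist. The domain names, the watchlist and the small confusables table are constructed for illustration; a production check would use the full Unicode confusables data.

```python
import unicodedata

# Constructed subset: Cyrillic letters that render like Latin ones (assumption,
# far smaller than the Unicode confusables list).
CONFUSABLES = {
    "\u0430": "a",  # CYRILLIC SMALL LETTER A, the case quoted above
    "\u0435": "e", "\u043e": "o", "\u0440": "p",
    "\u0441": "c", "\u0445": "x", "\u0443": "y", "\u0456": "i",
}

def scripts(label):
    """Scripts of the letters in one DNS label, taken from Unicode names."""
    return {unicodedata.name(ch).split()[0] for ch in label if ch.isalpha()}

def skeleton(label):
    """Map known lookalike characters to their Latin counterparts."""
    return "".join(CONFUSABLES.get(ch, ch) for ch in label)

def check_domain(domain, protected):
    """Classify a domain against a set of protected ASCII domains."""
    domain = domain.lower()
    labels = domain.split(".")
    skel = ".".join(skeleton(label) for label in labels)
    return {
        # What DNS actually resolves: the "xn--" form of any non-ASCII label.
        "ace": domain.encode("idna").decode("ascii"),
        # One label drawing letters from more than one script.
        "mixed_script": any(len(scripts(label)) > 1 for label in labels),
        # Non-ASCII name whose skeleton equals a protected name.
        "spoof_of": skel if (not domain.isascii() and skel in protected) else None,
    }

if __name__ == "__main__":
    watchlist = {"examplebank.example", "pace.example"}  # hypothetical brands
    samples = [
        "examplebank.example",                 # genuine, pure ASCII
        "exampleb\u0430nk.example",            # one Cyrillic "a" swapped in
        "\u0440\u0430\u0441\u0435.example",    # all-Cyrillic label reading "pace"
        "\u0431\u0430\u043d\u043a.example",    # ordinary Cyrillic word, no match
    ]
    for name in samples:
        print(check_domain(name, watchlist))
```

The third sample is a single-script label, so the mixed-script flag alone misses it; only the skeleton comparison catches it.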