Anti-spam outfit ClearMyMail has published a league table of the UK’s most ‘phished’ brands, with the NatWest bank way out in front as the most targeted business.
According to the company, the bank accounted for 41% of all spam and fraudulent emails running through its servers, from a top ten made up entirely of financially-based companies.
Citibank was at number two, with 27% of emails, and HSBC third with 11%. The other seven covered a range of UK and international institutions, including Abbey 6%), Lloyds TSB (4%), PayPal (2%), Royal Bank of Scotland (1%), Nationwide Building Society (1%), HBOS (0.8%), and MBNA (0.5%).
The figures were monthly totals from the December 2007, a busy period that includes the spam high of Christmas. No indication was given of the total volume of email traffic involved.
“Without any email protection UK online banking customers are at severe risk of being tricked into giving away their account details to criminal gangs. The Phishing emails used are very well constructed and often look exactly like a legitimate message from the bank,” said ClearMyMail managing director Dan Field.
The company claims it is the only filtering company that can offer a “no spam” guarantee to customers, including the sort of image spam that has been employed in recent months, with some success, to circumvent conventional filtering.
“It has almost got to the stage where cyber-crooks are building up a portfolio of email databases containing contact information that is profiled to fit a certain bank or building societies typical customer in order to improve the success rate of their fraudulent attacks,” said Field.
The list reflects the traffic of one relatively minor service provider, but it does offer some interesting clues to the nature of fraudulent email. The phishers appear to favour international institutions over UK ones – several UK banks feature way down the table in terms of the number of fraudulent emails despite being among the largest banks in Europe. NatWest-excepted, UK-targetted emails appear, then, to be the exception rather than the norm.
There is some evidence that attacked brands suffer harm as a result of being ‘phished at’ – a Cloudmark survey Cloudmark survey in November discovered consumer reticence when contacted by brands they have heard of being used in the context of email fraud.