The UK is now established as the second biggest target area for phishing attacks on banks, according to research from security firm RSA show.
An analysis of reports to RSA’s Anti-Fraud Command Centre for October show that UK financial institutions make up a 16 percent share of those attacked worldwide, second only to the US, which has a 60 percent share. The UK has held second place for nine months running.
But the UK is not a major host of phishing attacks, with just 3 percent of attacks worldwide originating here. The US hosted 47 percent of attacks logged in October, with China second on 22 percent.
RSA also warned that phishers have now begun to use Internationalised Domain Names (IDNs), which can be used to produce an effective spoof of a genuine bank website.
IDNs are domain names or web addresses that use local language characters, such as Cyrillic. This means a fraudster can use characters in one language to construct a URL that looks exactly like another.
RSA warned: "For example, Unicode character U+0430, Cyrillic small letter a ("a"), can look identical to Unicode character U+0061, Latin small letter a, (“a”) which is the lowercase "a" used in English. Therefore, a spoofed phishing domain which is based on an IDN can look exactly like a genuine bank’s domain written in standard ASCII code.”