Security threats Toolkit

Copycat phisher arrested for Smile attacks

Tags:
Arrested,
Security,
Phisher,
Phishing

Matt Loney ZDNet.co.uk

Published: 29 Apr 2004 12:30 BST

Police have arrested a 21-year-old British man suspected of launching a phishing attack, in which he allegedly tried to trick users into revealing their bank account details, on customers of the Smile online bank.

Officers from the National Hi-Tech Crime Unit arrested the man, from Lytham St Anne's in Lancashire, after Smile, the Internet bank operated by The Co-operative Bank, reported the scam to the NTHCU in March.

Phishing scams operate through spam emails that typically purport to originate from a bank and send people either to a fake Web site to illicit their username and password or - in more sophisticated attacks - to the real Web site, over which an invisible template has been placed to capture the user's login details.

An NHTCU spokeswoman said the man is believed to be a copycat phisher and is not connected to the organised crime group that is behind the global swathe of phishing scams targeting bank users in Australia, New Zealand, the UK and the US. She said the scam allegedly perpetrated by the Lytham St Anne's man was not sophisticated "but the spelling was correct" -- an opinion echoed by Smile, whose spokesman said that the scam was relatively crude.

Conflicting reports emerged over whether any customer accounts were compromised. While Smile denied that any had been, the NHTCU said they believed that some were.

DCS Len Hynds, head of the National Hi-Tech Crime Unit, said in a statement that the message is that people who launch phishing attacks will be caught.

"Anybody who thinks that they can copy a scam and get away with it is sorely mistaken. People are entitled to their identity on the Internet without fear that it can be stolen by criminals."

Phil Garlick, Director of Operations at Smile, said in a statement: "The security of our customers' money is absolutely paramount to us and we will take all necessary steps to ensure that anyone caught trying to undermine that security in any way will feel the full impact of the law.

"We regularly remind customers via secure messages and on our website not to respond to emails of this kind as we would never ask customers to send personal information about their Smile account to us in this way."

A smile spokesman said the company never sends out emails asking people to go and login on the bank's Web site. "We also put messages on our Web site warning customers about these scams, but only intermittently -- and we move them around -- so they don't just become part of the wallpaper."