NAB: Phishing attacks still work

July 29, 2013

Phishing attacks remain a top concern at National Australia Bank (NAB), with 300 fake sites set up each month to steal customer data.

Rick Smith, principal security architect for personal and business banking at NAB, stated vulnerability management is an ongoing job that requires a dedicated team and much investment.

Mr Smith, speaking at the Digital Security Summit in Canberra last week, noted that even the most basic phishing attacks still work, Lifehacker reports.

Whether they are full of spelling mistakes, obvious errors or laughable content, they remain a worthwhile means of attack against a sizeable percentage of the population, he stated.

"Three hundred is the maximum number of new phishing sites per month trying to steal customer information.

"Three thousand is the number of newly-infected customer machines we find every month."

'Spear' phishing is also becoming prevalent, with cybercriminals less likely to spam out mass emails and instead send targeted attacks using information gleaned from social media sites – appearing to come from trustworthy sources.

His comments came as recent Kaspersky Lab statistics showed banks are the main targets of more than 20 per cent of phishing attacks, with 37 per cent of global financial organisations admitting being victims over the last 12 months.

And Mr Smith added that mobile application security is becoming increasingly important as more people look to access online banking via their phone.

"Nearly half of NAB's online banking logins are from mobile devices," he explained.

"We get 2,000 new downloads of our app every day."

However, despite this growing area of concern, NAB was quick to point out that desktops are still an easier target for malicious attacks.

This is because malware for desktops has been around for 15 years, meaning it is feature-rich and sophisticated, while mobile threats tend to be a lot less functional from a banking perspective.