HSBC and Natwest among the top three phishing targets

HSBC, CitiBank and Natwest were the top three brands targeted by phishers last month, according to an internet security report.

HSBC was the top brand targeted by phishers with 40 per cent, while CitiBank was close behind on 38 per cent. Natwest followed in third with 16 per cent.

The statistics came from a monthly report from McAfee's AVERT labs, which also detailed the types of phishes which were popular, and individual types of malware which were becoming more common.

"When the phishing emails come out they are randomly sent out to either genuine email addresses or random email addresses," said McAfee security analyst Greg Day.

"They won't know if I am a HSBC or Barclays customer for example. What phishing scams have done is to pick on big brands and the logic of that is there is going to be more success."

Tax notifications were the top phishing scam, with a 'notification coming from your billing department' coming second. The rest of the top scams were dominated by HSBC and Natwest phishes as well as the 'please confirm your data' scam.

McAfee noticed that as financial institutions were becoming better defended towards threats, phishers have started to target smaller organisations more.

"The banks are providing everything from technology to education, including just basic communication, to help their users," said Day.

"If you want to make money and companies are getting better defended against it, you need to look for a different audience."

Day said that there were two main drives for the cyber criminal to make money, either through automation which involved technical skills, or social engineering, which he termed as 'human hacking.'

He said: "Rather than me knowing how to break into Windows or listen to your web browser and steal information, [social engineering] is almost like me walking up to you on the high street saying hi, I'm from HSBC, can I have your pin code?"

HSBC said: "We will review the McAfee report because we take this issue extremely seriously as we do all issues of security, particularly as it relates to direct attacks on our customers."

"We invest considerably in securing our offerings to our customers and like most major global banks will never send an email asking them to provide security details."

Natwest said in a statement: "Phishing is an industry wide issue which affects all banks and financial institutions. NatWest has an excellent track record of protecting our customers' accounts. We have developed and put in place significant security processes and resources to protect against precisely this type of threat."

"NatWest continues to take fraud extremely seriously and has taken considerable steps over the past few years to warn customers against responding to phishing e-mails, and continues to clearly advise that we will never ask customers to provide us with this type of personal information by e-mail."