Catching the phishers:
Government/banking taskforce targets online fraudsters

The Australian Government is teaming up with Australia's finance industry to crack down on cyber-criminals using bogus emails to defraud online banking and finance customers.

Specialist staff from Australia's major banks will be seconded to the Australian High Tech Crime Centre (AHTCC) to help investigate cases of "phishing," where online criminals use apparently legitimate emails to trick people into divulging passwords, credit card numbers and bank account details.

Support for the Joint Banking and Finance Sector Investigation Team has also been provided by the Australian Bankers' Association (ABA), Mastercard, Visa International and the Credit Union Services Corporation Australia Limited (CUSCAL).

The increasing use of Internet banking by business and consumers is providing a new potential avenue for high-tech fraud.

This joint initiative between the AHTCC and the banking and finance sector is an important step in combating cyber-fraud and ensuring that the growing number of Australians who use Internet banking can continue to do so with confidence.

The Government and the banking and finance sector will also explore ways to educate consumers about phishing.

The Office of the Information Economy in the Department of Communications, Information Technology and the Arts has already prepared a background document on phishing for consumers. Phishing - Don't Take the Bait! contains practical advice on steps for consumers to protect themselves from phishing. A summary of this document is attached and the full version is available through the Publications link at www.dcita.gov.au.

In addition, a National Response Plan to fight cyber crime will provide a mechanism for financial institutions to report phishing incidents to the AHTCC and the Australian Computer Emergency Response Team (AusCERT) for analysis and investigation.

This will enable police to swiftly contact the public, banks, telecommunications companies and Internet service providers to issue alerts on the potential threat.

Today's announcement builds on the Government's tough approach to fighting email scammers by outlawing unsolicited email under the Spam Act. The AHTCC is also working with the Australian Communications Authority to attack the problem of spam - a common vehicle for delivering phishing emails.

The AHTCC is hosted by the Australian Federal Police and was established last year to coordinate a national approach to fighting serious, complex and multi-jurisdictional high-tech crimes.

High-tech crime, particularly directed at the business sector, is a threat to the Australian community and the economy.

The Government is working on a multi-faceted approach to protect consumers and businesses from a broad and increasingly sophisticated range of illegal activity in this sector, including:

Credit and debit card offences: New offences will be introduced in the winter sittings of Parliament to cover credit and debit card skimming, whereby legitimate credit and debit card data is illicitly captured or copied, usually by electronic means. This offence will also cover Internet banking fraud, including phishing activity where that activity involves capturing personal financial information

National Card Skimming Database: The Australian Crime Commission in partnership with financial institutions has established a National Card Skimming Database to identify organised crime groups committing card skimming crimes and

Infrastructure protection: The Trusted Information Sharing Network (TISN) includes Government and industry representation to improve critical infrastructure protection, with the ABA chairing TISN's Banking and Finance Infrastructure Assurance Advisory Group.

Carina Tan-Van Baren (Mr Williams' office) (02) 6277 7480/(0439) 425 373

Simon Troeth (Senator Ellison's office) (02) 6277 7260/(0439) 300 335

Background Paper - Phishing

Australians are increasingly using the Internet for shopping, banking and business transactions, with online access providing an easy and efficient avenue to resources and services.

However, use of the Internet for fraudulent purposes is also growing. This includes the use of bogus emails to trick people into revealing personal information to enable the commission of a crime, or "phishing."

"Phishing" is a technique used to gain personal information for the purposes of identity theft by using fraudulent e-mail messages that appear to come from legitimate businesses, commonly financial institutions.

Phishers send authentic-looking messages are designed to lure recipients into divulging personal data such as account numbers, passwords and credit card numbers. These emails often copy legitimate logos and message formats and even include links to a website that is a convincing replica of the company's home page.

Phishing emails often attempt to instil a feeling of urgency by claiming:

• Accounts will be closed down unless a log-on is completed
• A recent security upgrade means that you have to log-in to be protected or
• That a large sum has been debited to your account and you need to provide your account details to confirm that the charge is incorrect.

Australians can avoid phishing scams by being alert and employing sound practices for Internet use. These include:

• Taking time to think about what you are being asked to do - is it a message that you would expect to receive, and are there related announcements on the website of the business which purported to send the message?
• Double-checking with the business before responding
• Not automatically clicking on the website link providing in the email
• Accessing online business sites using the correct address saved in your Internet browser
• Checking authenticity of messages by telephone, using the contact number that is in the phone book for your bank, not the number listed in the email (often the numbers listed can be false or lead to you incurring costs)
• Reporting phishing scams to the business and to the police in your State or Territory as soon as possible and
• Permanently deleting phishing emails, which may include viruses as well as fraudulent information.

More information

Australian High Tech Crime Centre: http://www.ahtcc.gov.au

Australian Bankers' Association (ABA): http://www.bankers.asn.au

National Crime Prevention Programme: http://www.crimeprevention.gov.au