Heise Security, a German computer security publisher has warned that the websites of three UK banks remain vulnerable to phishing attacks despite the banks being warned about a potential loophole recently.
This September Heise published a report warning that five banks had serious security weaknesses on their home pages. Heise explained how the bank websites could be exploited by Internet fraudsters. Its security experts inserted a false page on to the websites, exploiting a loophole on the sites.
Heise claims that customers of the banks would have almost no chance of detecting such a fraudulent page. They could then be tricked into entering their logon information which would then be captured by the scammers.
The banks named in the September report were:
-Bank of Ireland
-Bank of Scotland
Heise has subsequently said that the Bank of Ireland had fixed the vulnerability on its website and that NatWest was taking to steps to do so as well. However, as at the 23rd of October, it said that the other three banks were still vulnerable.
The BBC on October 23rd quoted spokespersons from Bank of Scotland, Cahoot and First Direct as saying that the three banks aim to have fixed the flaws on their website "very shortly".
UK banking organisation APACS says the number of phishing incidents in the UK rose by 800% in the year to August 2006.