Web hoaxes set to increase

Web fraudsters are increasingly targeting consumers with password-confirmation scams, experts have warned.

The scam involves sending emails which purport to come from a service provider asking consumers to confirm their passwords at a website. Customers of several British banks were targeted last month.

The websites are cunningly constructed fakes. Once the password entries are made online thieves collect them. As well as banks, companies like eBay have also been targeted.

"A huge number of people are getting suckered by spoof websites, particularly in the US," said Scott Schnell, senior vice president of sales and marketing for RSA Security.

"Once they use the sites they are losing everything, all their personal information. This problem needs to be addressed."

Schnell suggested that companies and the press should educate employees and the public respectively. Better identity management would also help, he added.

"Someone being lazy or stupid, two essential human traits, can defeat the very latest risk management system," said Jon Collins, associate at analysts Quocira.

"Education is vital, there's a fundamental misunderstanding about technology. When people go to these websites they aren't thinking properly about threats."

Financial institutions never ask customers for confidential information via email or to divulge such details at websites linked to by a web address in an email.

Genuine banking websites are always prefixed with 'https'. The 's' stands for 'secure' and guarantees that details are being kept confidential.