Phishing still a threat to the unwary surfer

Online phishing scams - where bogus e-mails and counterfeit websites ask internet users to divulge their financial or personal details - are still rife and may be especially prevalent at this time of the year, according to ACCA, the Association of Chartered Certified Accountants.

Using a seemingly official form of online communication - say from a bank or credit card company - phishing involves hooking people to reveal their financial or personal details.

The individual then unwittingly hands over this information in good faith, resulting in financial loss or identity theft.

Valerie Culley, spokesperson for ACCA in the West Midlands, said: ''Both businesses and individuals can do a lot to protect themselves by installing up to date anti-spam software and enhancing online security measures.

"For a business, it's vital to ensure a risk analysis plan is in place to manage these security breaches and threats."

She added: "But the simple advice is, if an e-mail you receive isn't from a recognisable source, then don't respond to it - just delete it.

"The same goes for e-mails which you suspect are abusing the corporate details of reputable firms.

"And it's also wise to alert the bona fide company about any scams you come across because they're a victim of the hoax too. This helps them to trace the source and deal with the matter, and protect their customers."

According to the global Anti-Phishing Working Group (www.antiphishing.org), phishing and other forms of online subterfuge rose to an all time high in October 2005, with 96 global brands hijacked by phishers in that month alone.

ACCA says financial institutions such as banks and credit card companies are currently accepting liability in phishing attacks.

However, this may change with the growth of the threat.

The terms and conditions of use of online banking facilities and credit cards require the user to keep their passwords and identification details secret.

By disclosing these to a third party, the terms will be breached and the financial institution will be entitled to decline to accept responsibility.