Guest blogger: Nick Staib, Senior Manager, Internet Banking, HSBC Bank plc
HSBC Bank plc and first direct are delighted to sponsor GetSafeOnline.org, and are happy to provide an insight into a typical day in the life of our joint internet anti-fraud operations. We are frequently asked what we do about phishing and fraudulent web sites. Well, read on. I’m going to give you a brief glimpse behind the scenes.
‘Technical Investigations’ are part of the bank’s global defence team, operating day and night to keep customers banking safely online.
A typical ‘day’ begins at 6am with a review of all suspicious emails forwarded by customers to phishing@hsbc.com, and with an analysis of phishing attempts in the previous 24 hours.
Any attacks are dealt with immediately, usually in the small hours whilst customers are still asleep. Each attack usually teaches us something new, but fraudulent web sites are always closed down. Sometimes we can shut down a site before the customer even reads the associated fraudulent email. Most ISPs are very co-operative, especially when contacted by our local teams within their own countries.
We also spend part of the morning gathering and interpreting online intelligence. This means trawling the internet for information, sifting reports from security sites, and cross-checking compromised web and IP addresses with our own records. This helps us tweak our defences against the latest threats.
We also systematically check our own internet banking access records for signs of any ‘abnormal behaviour patterns’. These are good indicators of fraud attempts. We try to identify customers at risk, so that we can speak to them directly and ensure they are safe.
Much of this business is about two-way communications – internet threats change so very quickly – so time is set aside for talking with customers and business colleagues, as well as with other banks and law enforcement agencies in the UK and overseas to share any lessons learned.
Then we do all this again – every day of the year. But that’s OK, it’s our responsibility. All that we ask from our customers is to follow the sensible advice within GetSafeOnline.org and enjoy the internet in safety.

3 comments
HSBC should make the email address for reporting fake emails much easier to find. I had to go through a number of links to find the correct email address.
Do you ever bother to track down, and prosecute the people who set up the sites though?
Martin – thanks for this feedback. We have now added the ‘phishing@hsbc.com’ email address to our ‘security page’. This means that this can now be reached from virtually every page on our personal internet banking website.
Ken – I wish it were that easy! We liaise with police services around the world. Their focus however is not individual phishing websites (typically hosted in one country under false names, and operated remotely from another country), but on identifying and prosecuting the organised gangs behind such scams.
The gathering of evidence is slow and complicated, so we rely (successfully) on the willing co-operation of ISPs who are unwittingly hosting such sites. Once identified, these are taken down almost immediately.