BANKS are reporting an "explosion" in online banking fraud as an unholy alliance of organised criminal gangs, hackers and virus writers join forces to raid our bank accounts.
Up to 150 million spoof e-mails are being sent each month to banking customers, many of them carrying viruses, according to the Association for Payment Clearing Services (Apacs). This reflects a nearly nine-fold increase on scam attacks in 2005.
The banks' success in cracking down on high-street fraud has forced the crooks online. An army of geeks is now employed by the underworld to devise ever more ingenious means of tricking customers into revealing passwords, or to install 'spies' on home computers, capable of recording every keystroke. This information is then used to empty your bank account.
Customers who manage their financial affairs online are being warned to urgently update their computer security.
Apacs spokeswoman Sandra Quinn said: "We have seen an enormous spike in attempted fraud this year, which will feed through into an increase in online banking fraud.
"We are very concerned that some customers are not doing as much as they should to protect themselves."
What to look out for
According to Apacs, 872 fake e-mails were each sent to thousands of customers in June 2006, in a practice known as 'phishing'.
These e-mails appear as though they are coming from the bank, and ask you to reveal personal information and even passwords. They may also attempt to forward you to a website which looks like the bank's homepage. They seem so authentic that many customers are fooled into disclosing precious security details.
Lloyds TSB's consumer banking spokesman Jason Bacon said: "This kind of cyber crime is all about duping and fooling customers. Be on your guard. You should never disclose your passwords to anyone. Your bank would never ask you. If you get an e-mail from the bank requesting this information, it is a fake."
Halifax's Jason Clarke added: "If you look closely enough you can usually tell it is a fake. There may be spelling or grammar errors."
Such e-mails will frequently carry what is known as a 'Trojan'. This is a computer virus which can give online thieves remote access to your computer and therefore your bank account.
It can, for example, install 'spyware' or 'keylogging' programs. Spyware monitors your computer usage and sends the details back to the criminals. Keyloggers record every strike of the keyboard, including passwords, allowing gangsters to unlock accounts.
According to the consumer lobby group Which?, spyware is growing at an alarming rate.
Which?'s banking adviser Mike Naylor said: "The UK has the third-highest spyware levels in the world. On average, each computer here is infected with an astonishing 18 pieces of spyware."
Finally there are worms. These are malevolent viruses which do not need to be attached to a document or e-mail but can spread independently via the internet.
The good news
The good news from the consumer's perspective is that if money is stolen from accounts we do not initially lose out financially. The bank foots the bill.
However, the stress and inconvenience involved in becoming a victim of online banking or identity fraud is enormous. Furthermore, all customers ultimately pay the price through higher banking charges.
The fraudsters' efforts to infiltrate our computers will be relentless, which is why our attempts to thwart them must be equally persistent. If you receive a suspicious e-mail, delete it immediately.
Which?'s Naylor said: "When visiting your bank, always type in the unique web address. Do not search for the site using a search engine. There are many fraudulent sites out there which look just like those of the banks. You don't want to end up on one by mistake."
Always look for the letter "s" at the end of http (https:), which indicates that the site is secure. Also check for the padlock sign in the right-hand bottom corner of the screen. This too denotes a secure site.
Bacon warns against using internet cafes or laptops to conduct banking business. Laptops powered by a wireless signal (known as wi-fi) are thought to be particularly vulnerable.
Firewalls, anti-virus and anti-spyware packages
Common sense alone will not be enough. Online bankers must ensure they have a defensive firewall activated to ward off attacks, and that they also have anti-virus and anti-spyware installed. It is vital to ensure your packages are kept up to date.
Many modern computers will come with a firewall, and some may include anti-virus software. But the advice is to build on top of these basics.
This can be done either by downloading free software from the internet, or by buying a packaged 'suite' of protection.
Quinn said: "It doesn't matter which package you go for, as long as you install these security measures. And the more you can build in, the safer you will be.
"Hackers and virus writers are coming up with new things all the time. The best protection is a layer of defences - what we call a suite of defensive measures. Things are changing all the time. You need as many different defences as possible to fight the different challenges."
Which? recently tested the various options. Of the free solutions, it recommended AVG Free Edition, for anti-virus protection ( www.grisoft.com ; Zone Labs ZoneAlarm (free) ( www.zonelabs.com for free firewall; and Microsoft Antispyware (Beta 1) ( www.microsoft.com .
Security suites are the belt and braces of internet security, giving you everything you need in one package. For example, they may include pop-up blockers, and anti-spam and parental control facilities. You will also get better regular updates and more technical support. However, they cost around £40.
HACKED OFF WITH JARGON?
Keylogger: makes a note of the keys you press on your computer. Malicious keyloggers send this data to a third party
Firewall: blocks unwanted communications to and from the internet
Virus: a malevolent program which spreads from computer to computer within another program or document
Trojan: a virus that allows a third party remote access to your computer
Spyware: installs itself secretly on your computer and monitors your actions, sending this back to a third party
Worm: similar to a virus but it doesn't need to attach itself to a document to inflict damage - it can spread via the internet