"93 per cent of people have anti-virus software on their PCs, almost one in three people (29 per cent) don’t have any anti-spyware software."

that's becuase the A/V A/S sellers confuse the market.

if someone is on yuo machine is on you machine that you don't want, it's a virus as far as most people are concered.

Ask the average Joe, if they have a password stealing program on their machine, what would they run. Most would say "Oh an AntiVirus".

What is needed is single products, but most companies like to sell you two items (or three if you include a firewall).

Most people would prefer a simple all in one package (that works). You click one button adn it does everything.

and it's urgent, a legal demand, or from your bank. It's fake. Nothing important comes from a financial institution by email. Ever. And it's their fault if they DO decide to send important stuff.

If it contains bad spelling and grammar, it's fake.

If it comes frum a nown badd speler n itz beutyfully ritten, it's fake.

If it's all in capitals, it's fake.

If it's all in lower case, it's fake.

Any doubt - it's fake.

If it comes from Third Avenue, 7th Floor, New York NY 10012 it's fake.

If the address then comes up when you hover your mouse pointer over a link is different from the one in the link, it's fake.

That's all you need to know.

There were roughly 60,000 people born in the UK last year, so if 20% of them get taken in phishing scams, that's 12,000 people. there are 525,500 minutes in a year, so that means there is only one born every 43.8 minutes. PT Barnum eat your hat

Mines the one with "watch out, I'm on something" on the back

Just dont read / open / bother with any banking emails.

If you want to use your online banking, open a new browser window, and by hand type in the name ie w w w.mybank. co. uk, dont click on a link to it

just those two simple things, will be a great defense starting point.

Always have uptodate anti virus software, to meet the bank requirement, a free one like avg will do.

Always have uptodate spyware, a free one like spybot will do, and your bank cant complain you took no precautions etc

Its over 600,000 born every year in UK. Barnum is still wrong though.

I get a lot of phishing emails for some reason - of course as I don't bank with Natwest or Halifax I know that they are fake.

But look at the HTML and you'll find that 99% of the graphics in the email are being served from the banks website.

Now as they say they never send out emails why on earth are ALL these banks set up to allow image leeching. Why not put a configuration directive in the web server that says if the image is being referred to by something that ISN'T the bank website then replace it with a warning image? If private web masters can do it then surely its not beyond the wit of a bank?

Hmm... I don't like this very much.

I run Linux, so I don't have any anti-virus installed, or anti-spyware. However, if I were a victim of identity theft, I wouldn't like to have to explain why I don't really need it.

Also, I'm not convinced that having AVG or a free one would do the trick. If it comes down to an argument about liability, they'll be wanting is a receipt from PC World, not an "I downloaded some free thingy so that's OK".

Does this mean that to cover my ass, I now have to go and buy a copy of Norton so I can pretend to install it on my Linux machine?

This is all about liability, and the banks wanting to reduce theirs as much as possible.

First properly setup security in your browser

Second (Most Important) Microsoft, Banks, and other big businesses will not send you email, nor will they offer you money for winning. You cannot win a lottery if you have not entered. Most people that lose is because they are greedy ba5tards.

Third repeat steps one and two.

I'm curious. Do you have an example of a web site that blocks image linking.

This can be easily overcome by taking a copy of the image from the bank's web site and saving it somewhere else (such as the server with the phishing login page).

....the banks never advertise on the telly advising their marks to avoid email scams, maybe they are afraid of ruining their 'online brand reputation'.....

If you click, you stupid.

I've never used it but I remember in the control panel for my free hosting with my ISP there was an option to turn on the image leeching protection. So I guess that it's pretty standard fare...

My bank used to have the best anti-phishing protection going. You could only pay money to people or companies you'd already set up. If you wanted to pay money to someone you'd never paid before you had to ring up and talk to a person to set it up.

Now "for our convenience" (more likely to save them money) they've made it so we can set up new payments ourselves. Now any phisher logged in from abroad can set up a payment to one of his mules easily and quickly. The bank don't seem to understand that this has actually harmed security.

My ex-credit card company is worse. I tried to place an order at a big-name website. They declined it on a whim because it might be fraudulent. I then got a phone call from a computer telling me "This is not a marketing call, it's an important call from your bank." The recorded message asked me to enter my card number, dates and the 3 digit number off the back. I didn't and called the bank to report a potential fraud. The person in the fraud department berated me for not answering the computer's questions, was rude, patronising and couldn't understand why I wouldn't enter my details to an unsolicited phone call from a computer when the bank had told me never to give them out in case of fraud. She also told me I was being unreasonable to be angry because the the item I'd ordered was low on stock and the last one had gone when by the time I realised my bank had declined the transaction.

I'm just waiting for someone to download the sample transaction recordings from the company that makes the computer that called me (they are on their website) and write a piece of voip-phishing software using the real voice.

These people wonder why their customers are becoming the victims of fraud...

Paris, because she knows more about security than these people.