E-banking sites light on security claims Heise Security

Heise Security claims to have highlighted a number of serious security flaws with several e-banking sites in its latest report.

The self-proclaimed IT security portal claims that, since it highlighted the problems with the banks concerned last Friday, at least two of them have improved their security.

The problems relate to the fact that criminals can launch phishing emails, attracting Netters to the banks' sites, without the banks being able to detect these attacks and so realising what has happened.

That's all very well, but how is it possible for any Web site to be aware of a phishing attack in progress?

Short of employing a reverse authentication system, with the users effectively authenticating the e-banking site as genuine, the task is an almost impossible one.

In a press release, Heise Security says that "organisations such as banks need to do more in order to protect their customers, and so they tested the ease with which a phishing trickster could appear convincingly to represent a bank or similar organisation."

"Most current phishing scams are relatively simple, but they are becoming more sophisticated, and this trend is almost certain to continue," says the company.

Yes, but you're rather stating the obvious here, aren't you?

In fact, I could be nasty here and say that Heise Security has issued a release that states the obvious and offers no solution to the problem. Which is pretty, er, pointless.

I wonder how many newswires will pick up on this non-story...