Phishing and Online Banking

Yanire Braña. Professor. IE Business School

20 June 2006

In the last two years, many on-line bank clients have received text messages, calls or even e-mails asking for personal information. This is the latest in a series of financial frauds that is shaking the confidence of many online users.

What is phishing?

Phishing is a term coined in the 1990s to describe a new type of fraud in which the personal information of on-line bank clients is stolen, including passwords, bank accounts, credit card numbers and identities. The crime entails a mass-mailing of messages and e-mails in which the criminal impersonates a bank or company. The aim is to make the victim believe that the request comes from the official site; the intention is to steal the client’s information and his/her money.

This type of crime--which has badly shaken internet user confidence--has increased by 28% since 2004, when on-line fraud cost US finance companies €990 million.

In Spain, 86% of these attacks are aimed at the financial sector, but other institutions such as the National Institute of Statistics, eBay and PayPal have also fallen victim to this type of fraud. Clients of on-line banking have a better chance of being victims of phishing because, although many channels are used for illegally obtaining personal information, the most common is an e-mail containing what appears to be a link to the bank website. Once a client's personal information is obtained, the criminal then uses it in a fraudulent manner. Phishing, based on the mass-mailing of e-mails and even SMS texts, has become so common that it is now being called emishing or mobile phishing.

What can be done?

Despite the large number of banks that are affected, and the growing sophistication of the wrongdoers, reasons for optimism still exist. But the fight against these infractions requires the help of both the banks and the users. Not only are there new artificial intelligence techniques that enable us to identify modifications in spam more readily and help establish filter criteria; banks and on-line users are also following new recommendations and introducing preventive practices aimed at fighting these types of crimes. Users are becoming increasingly aware of the potential dangers. In keeping with the security recommendations issued by their bank, and in much the same way they keep their physical credit cards and personal information safe, clients should also avoid accessing their online bank or carrying out financial transactions from public places such as universities and cyber-cafés.

The phishing phenomenon is also generating new sources of income for many companies that have been quick to realise how important information security is, especially to financial institutions and online bank users. These companies have responded to user needs by offering new technologies and other solutions, while making recommendations aimed at helping to maintain the confidentiality, identity and integrity of users and electronically-transmitted information. In accordance with both national and Community legislation, harsh sentences are handed down for this type of electronic offence.


IE Business School | María de Molina 11, 28006 Madrid | Tel. +34 91 568 96 00 | e-mail:

