The US Office of the Comptroller of the Currency (OCC) is warning banks to take all possible precautions to protect customers from a recent proliferation of Web-spoofing e-mail scams.
The OCC says the FBI's Internet Fraud Complaint Centre (IFCC) is reporting a steady increase in complaints involving unsolicited e-mails directing consumers to bogus banking sites or directly asking for personal financial information.
The practice, known as phishing, is increasingly being targeted at banks and their customers. The US regulatory body is urging banks to educate their customers, strengthen monitoring systems and enhance response programmes "to reduce the potential risk to their organisations and customers".
The Comptroller says banks must improve authentication methods and procedures - moving beyond 'shared secrets' such as passwords - and post warnings on the Internet and other customer correspondence reminding customers that the bank will never request confidential information through e-mail.
Banks should also step up their detection and response procedures, says the OCC, keeping tabs on accounts for unusual transaction activity and establishing processes to notify Internet service providers, domain name issuing companies, and law enforcement to shut down fraudulent Web sites and other Internet resources that are being used to perpetrate the scams.