A new report has revealed that nine out of ten financial and commercial websites may have loop holes in their systems, that make their clients vulnerable to being cheated of their money.

A study released by UK-based computer consultants Next Generation Security (NGS) reveals that a large number of web applications audited by the company in the past year were potentially easy targets for an advanced “phishing” scam.

According to the Newscientist, ‘phishing’ involves duping a web user into handing over financial details or passwords for an online bank or e-commerce store, enabling the user’s account to be raided.

Swindlers often send out fake administrative emails designed to lure people to a website that may seem like an authentic bank, and has only a slightly different web address, where they are asked to provide account information.

However, the majority of flaws discovered by NGS did not involve fake sites. Instead, NGS most frequently found configuration errors that could be used to redirect sensitive information from a legitimate web site to a fraudulent one without the user knowing.

More here.