Apparently phishing is not just on the rise – it is exploding. The number of incidents of criminals using spam emails to persuade people to part with online banking passwords has rocketed by 8,000 per cent in about 18 months.

Such astronomic growth may be down to the attractions of armchair international law-breaking: phishing is easy money for minimal outlay, far from both the scene of the crime and its legal penalties.

But statistics are rarely so simple. Phishing’s massive rise may also be because internet banking customers are wising up, forcing phishers to launch more attacks for the same return.

Without further information – namely the number of those attacks which are successful – the 8,000 per cent figure, while striking, is largely meaningless.

Addressing a House of Lords committee last week, banking industry body Apacs again fought off suggestions that it should publish bank by bank information on the number of successful attacks. Apacs says making such information public would be unhelpful, spook potential customers, damage ebusiness and create an erroneous picture of banks’ security.

But without a clear picture of the size and nature of the phishing phenomenon, no amount of customer scepticism or co-operation in international law enforcement will be sure of effectively dealing with it.

The banks’ perspective may not be entirely self-serving. Statistics are famously malleable, and very few situations remain, on closer inspection, as simple as they first appear.

But if one set of metrics is too unsophisticated, it is up to Apacs and its members to establish constructive alternatives, as without such basic information, strategies for dealing with phishing will be based on uncertain foundations.

Looking the other way and pretending that cyber crime is someone else’s problem benefits no one but the criminals. And until the dimensions of the problem are clearly established, it will be difficult to know how best to fight it.

What do you think? Email us at: feedback@computing.co.uk