Sound advice from a "white hat hacker"

The growing menace of "phishing" - using fake websites and e-mail messages - has prompted an exempted company and an association of business leaders to host a seminar tomorrow on combatting dangerous hacking practices.

KPMG London's "white hat hacker" James McKeogh will join KPMG Bermuda's manager of forensic investigation in a breakfast presentation in association with the Institute of Directors at KPMG's Crown House headquarters at 8 a.m.

A "white hat hacker" is a computer technician who uses some of the same techniques that malicious hackers use to identify vulnerable computers and networks - but then advises his employers, clients or the general public on how to counter them.

Phishers use fake Web sites and e-mail messages in an attempt to trick customers into disclosing valuable personal financial information.

As Reuters news service reported yesterday, the scams are becoming more difficult to detect as criminals develop new ways to trick consumers into revealing passwords, bank account numbers and other sensitive information.

A Danish security firm documented one attack last month that misdirects Web surfers by modifying a little-known directory in Microsoft Windows machines called a host file.

After the Internet user types the Web address into a browser, he is directed instead to a fraudulent site. Reuters reports that while domain-name servers are more difficult to crack, hackers are also finding a way into these by posing as a company's tech-support department and asking employees for passwords.
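A defender's check for the host-file misdirection described above, as an added example that is not part of the original article: it parses hosts-file text and flags names pinned to an address outside the local machine. The watch list, the `examplebank.test` names and the sample file are constructed assumptions.

```python
import ipaddress

# Hypothetical watch list: names that should only ever be resolved through DNS.
WATCHED_SUFFIXES = ("examplebank.test",)

def parse_hosts(text):
    """Yield (line_no, ip, names) for every address mapping in hosts-file text."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()  # drop comments, split on whitespace
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not an IP address: not a mapping line
        yield line_no, ip, [n.lower().rstrip(".") for n in fields[1:]]

def audit_hosts(text, watched=WATCHED_SUFFIXES):
    """Return (line_no, name, ip, reason) for each suspicious mapping."""
    findings = []
    for line_no, ip, names in parse_hosts(text):
        for name in names:
            if any(name == s or name.endswith("." + s) for s in watched):
                findings.append((line_no, name, str(ip), "watched name pinned in hosts file"))
            elif not (ip.is_loopback or ip.is_unspecified):
                findings.append((line_no, name, str(ip), "name overridden to non-local address"))
    return findings

# Constructed sample; on Windows the real file is
# %SystemRoot%\System32\drivers\etc\hosts
SAMPLE = """\
# constructed sample
127.0.0.1   localhost
::1         localhost
0.0.0.0     ads.tracker.test   # sinkhole entry, not flagged
203.0.113.7 www.examplebank.test login.examplebank.test
10.0.0.5    intranet.corp.test
"""

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE):
        print(finding)
```

Entries flagged as "name overridden to non-local address" can be legitimate administrator overrides, so they are a prompt for review rather than proof of tampering.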

Mr. McKeogh - the white hat hacker - is senior manager and principal advisor with KPMG's technology advisory team in London, while Mr. Peer is senior manager in KPMG's Bermuda forensic investigation department.

"Fraud - who has the technology advantage, you or the fraudster?" is broken into two sections, with Mr. McKeogh addressing the latest hacking techniques and Mr. Peer speaking to what companies can do if they have been hacked and what they should do to prevent it.

Reuters reports that in the United States, phishing attacks have reached 57 million adults and compromised at least 122 well-known brands.

While Bermuda does not track such statistics, the problem is increasing, as evidenced by KPMG's growing Information Risk Management practice, which helps people prevent attacks and manage their information.

Mr. Peer said: "What is happening is it used to be that big companies like the AT&Ts, the big IBMs were targeted but more and more the smaller businesses are being hit.

"It used to be people were going after money so they wanted credit card details, bank access - that type of thing - but increasingly, they are going after information because they can then sell that."

Last October, the Bank of Bermuda issued a warning to its customers to beware of phishing attacks.

The Bank has a 24-hour global monitoring plan in place so it can immediately respond to such attacks, but still it wanted to remind customers to decline any online requests to validate personal information.

In October the bank warned customers: "Under no circumstances would we send e-mails requesting you to confirm debit/credit card numbers, account numbers or your personal log-on information."

Mr. Peer said, however, that banks can only go so far in protecting their customers, explaining: "They can protect their web site but unfortunately the user has to take responsibility for their own machine.

"The site can be perfectly secure but if your machine has been compromised and there is a key lock or something like that on your machine then the hacker is going to get everything because it is coming from your machine not from the bank's."

As for the topic of his seminar, the answer is that the computer user, not the hacker, has the advantage, but Mr. Peer said: "You have to know what you are doing, you can use technology to your advantage but you must make sure that you do that."

Being in the trade, Mr. Peer always makes sure he has the latest virus protection and firewall standards and he scans his computer for attacks once per week.

"I have been hacked, but I have known I have been hacked so I have been able to say that machine now needs to get rebuilt. I won't use it again until I completely wipe it and start from scratch. That is the only way I can be confident that machine is safe to use again."