March 27, 2007
Evenin' All - E-crime Congress 2007
It was back to Victoria today for the annual E-crime Congress, where the great and the good gathered to hear from a selection of the world’s top e-criminals, sorry e-crime experts, about the latest on the subject. From a reporting perspective it’s usually worthwhile as it makes a refreshing change from the Infosec hell of vendor self-interest stories. There’s always a fair spattering of government, law enforcement and cyber crime gurus from around the world, although in recent years, us filthy hacks have been banned for most of the sessions bar the opening keynote on each day. But, thankfully, members of the press received a note from the organisers informing them that they were free to "circulate through the exhibition and coffee areas at will". Phew, thought I was going to actually miss something important.
In the end the talk focused on phishing and online fraud, and what Soca is doing around e-crime, which it has been given a hard time about since the world-renowned NHTCU was subsumed into its gargantuan frame. Director general Bill Hughes and e-crime head Sharon Lemon acknowledged to their credit that there is still a long way to go in terms of outreach to the industry and forming alliances globally – a vital part of the fight against internet-related crime. But Hughes was more bullish when defending his organisation against some of the criticism – or rubbish, as he called it – that has been written about it in the press, mainly about it not taking e-crime as seriously as the NHTCU did. I can't comment on what goes on inside Soca, because, as they're not bound by the Freedom of Information Act, they can be rather impenetrable, but this criticism has certainly not been dreamt up by the press…I have personally spoken to businesses who are disappointed at the level of engagement and the outreach currently being made by Soca.
A lot of the time these conferences are basically just a lot of people with different opinions contradicting each other, which makes for very 'he said, she said' stories. There was a bit of that here: Joseph Sullivan from PayPal said web hosters should be encouraged to take down phishing sites earlier, perhaps with Good Samaritan legislation which exempts them from any legal liability. Others said 'are you mad? What about those countries that don't want to push through this kind of legislation?'. Which is true; there'll always be small gaps in the global fight against e-crime somewhere, and that's all there needs to be.
Which brings us on to another theme – education. Again, there were proponents, specifically William Beer, European director of Symantec's Security Practice, who said the education message needs to be tailored more to individual groups in society, like the elderly, or teenagers. He also noted that current advice on phishing often ignores the new forms of the social engineering-based attack including SMS phishing, and voice phishing, the latter being when a fraudulent phone number is included at the bottom of an email, which users are encouraged to call instead of clicking on a dodgy URL. Then of course, others, like F-Secure's Mikko Hypponen, and PayPal's Joseph Sullivan occupied the pessimist's view and maintained that no amount of education is going to do anything to stop online fraud. Better stop writing; getting a bit depressed now…