A large-scale phishing attack has been launched against Barclays bank customers, with 61 variants of fake emails being sent.
According to security experts, given the number of variants detected, there are several million emails in circulation.
Security company Pandalabs said more than two-thirds of the phishing messages it has seen today target Barclays, with the number of phishing messages normally detected by increasing by 30 per cent due to the magnitude of this attack
The false emails received by people are designed to appear as if they have been sent from Barclays' customer services, with the subject field chosen at random from a list of options. Some of these options include: Barclays bank official update, Barclays bank ? Security update, Please Read or Verify your data with Barclays bank.
The message text, imitating Barclays' corporate image, tells people that the bank is upgrading software and that they should go to a link in order to confirm their bank details.
People that click on the link will access a form, similar to those used by the bank, requesting their account number, credit card number or PIN. The information can then be used to steal money from peoples' accounts.
Luis Corrons, director of Pandalabs, said: ?We believe this could be a coordinated attack, initiated in several places at the same time in order to spread rapidly and gather a considerable amount of confidential bank details in record time.
?This is a sophisticated attack in comparison with those that we usually see. The use of several domains to host spoofed web pages makes it more difficult to disable them. The emails are also far more authentic looking than the usual, often error strewn, messages,? Corrons said.
Panda suggests several practical tips to combat phishing:
- Never access internet services through links, as there are various ways for spoofing the addresses that users see in the browser bar. Instead, type in the URL directly in the address bar.
- If you think an email message could be part of a phishing attack, don't enter any data and contact the bank in question.
- Use technological solutions to minimize the impact of this type of attack, such as anti-virus and security protection.
In July it was revealed that three-quarters of all phishing emails are aimed at eBay or PayPal users.
According to the IT security firm Sophos, an analysis of all phishing emails received so far in 2006 has revealed that 54.3 per cent targeted users of PayPal, while 20.9 per cent attacked customers of the eBay online auction service.
Topic: Large-scale attack against Barclays customers (Read 737 times)