The Phishing Threat Against Clients Of Barclays Bank Continues: With Eight New Variants

Published 19th September 2006

PandaLabs has also detected four new active domains hosting spoof web pages.

54% of phishing emails detected by PandaLabs over the last few 24 hours have targeted Barclay's clients...

The phishing attack against clients of Barclays Bank is not letting up. According to PandaLabs, those responsible for this threat have launched at least eight new variants of the email that tries to redirect users to spoof web pages designed to steal confidential data. Similarly, and in order to prevent the attack from being fully neutralized, they have set up four new domains hosting fraudulent web pages. Some of these new domains also host spoof Volksbank web pages.

However, despite the appearance of these new variants and domains, there has been a slight decrease in the number of phishing emails in circulation targeting Barclays Bank clients which, at present, make up 54 percent of the total received by PandaLabs.

“The authors of this attack are proving to be more tenacious than usual, considering both the huge number of messages and the amount of false websites set up and circulated in such a short period of time. The signs are that they have no intention of stopping the attack until they have gathered considerable confidential data, and so users should keep their guard up at all times,” explains Luis Corrons, director of PandaLabs.

In order to combat this threat, Panda Software offers users the Panda ActiveScan free online scanner (www.pandasoftware.com/activescan), and an evaluation version of the Panda Internet Security 2007 security suite.

This attack is based on spoof emails which are made to appear as if they have been sent from Barclays Bank. The (random) subjects used include: Barclays bank official update, Barclays bank – Security update, Please Read or Verify your data with Barclays bank.

The message (which imitates the corporate image of the bank) asks users to confirm their login details due to a software upgrade and provides a link for them to go to the bank's website. This link however does not point to Barclay's web page.

More information and advice about this attack is available in Panda Software’s Encyclopedia at http://www.pandasoftware.com/virus_info/encyclopedia/

Practical tips to combat phishing

- Never access Internet services through links, as there are various ways for spoofing the addresses that users see in the browser bar. Instead, type in the URL directly in the address bar.

- If you think an email message could be part of a phishing attack, don’t enter any data and contact the bank in question.

- Use technological solutions to minimize the impact of this type of attack. The best practice is to use security suites including anti-phishing technologies and that update regularly, such as Panda Internet Security 2007, to prevent the most recent attacks. Panda Software also offers users the Panda ActiveScan (www.pandasoftware.com/activescan) free online scanner to check their computers for malicious code.







Company Profiles powered by ITReseller.com