PandaLabs has detected a large-scale phishing attack targeting clients of Barclays Bank’s online services, and involving at least 61 variants of a spoof e-mail. The scale of this attack has seen the number of fraudulent e-mails detected by PandaLabs increase by 30 percent in just a few hours.
In fact, of all phishing messages currently analyzed, some 64 percent target Barclays’ clients. Given the number of variants detected, estimates put the number of these e-mails in circulation at several million.
Jeremy Matthews of Panda Software explains: “We believe this could be a coordinated attack, initiated in several places at the same time, in order to spread rapidly and gather a considerable amount of confidential bank details in record time.
“This is a very sophisticated attack in comparison with those that we usually see. The use of several domains to host spoofed webpages makes it more difficult to disable them. The e-mails are also far more authentic-looking than the usual, often error-strewn messages.”
The false e-mails received by users are designed to appear as if they have been sent from Barclays’ customer services, with the subject field chosen at random from a list of options. Some of these options include: Barclays bank official update, Barclays bank—Security update, Please Read or Verify your data with Barclays bank. (The full list is available at Panda Software’s Virus Encyclopedia.)
The message text, imitating Barclays’ corporate image, informs users that the bank is upgrading software and that they should go to a link in order to confirm their bank details. Users who click on the link will access a form, similar to those used by the bank, requesting their account number, credit card number or PIN. There are 61 different variants of this message, using a wide range of message subjects and sender addresses. This tactic is used deliberately in order to bypass antispam systems.
It is significant that not all of the e-mail messages point to the same Internet address in order to collect stolen data, but in fact, the criminals have prepared at least five false domains to hinder attempts to close all of them down. In any event, PandaLabs is contacting the technicians in charge of the sites that have been located—all of them in Korea—in order to shut them down as quickly as possible.
Practical tips to combat phishing:
Never access Internet services through links, as there are various ways for spoofing the addresses that users see in the browser bar. Instead, type in the URL directly in the address bar.
If you think an e-mail message could be part of a phishing attack, do not enter any data and contact the bank in question.
- Use technological solutions to minimize the impact of this type of attack. The best practice is to use security suites, including antiphishing technologies, which update regularly, to prevent the most recent attacks. Examples of these types of suites include Panda Antivirus+Firewall 2007 and Panda Internet Security 2007.
-Computing SA staff, Computing South Africa
Check out our CIO News Alerts and Tech Informer pages for more updated news coverage.