Monday, March 15, 2010

Phishing Scam Targets Barclays Customers

An intensive phishing scam, with more than 180 messages sent in three minutes, aimed at Barclays customers.



A new phishing attempt has been launched using a misleading email in an attempt to trick potential victims towards a fake Barclays website. The spam message states that the bank has been acquired in the wake of the lending crisis.



The urgency of the matter is emphasised by the specification that “ We temporarily suspended access to your user”. As if that was not enough pressure, the recipients are urged to input their identification data, ”in order to avoid further actions”, which are assumed to be limiting their use of the online banking services even more.



“Banks do not send out this type of message, under any circumstances,” warns BitDefender UK managing director, Nick Billington. “Users should approach any unsolicited message seeking personal data with extreme scepticism. If in doubt simply delete the email,” adds Billington.



According to BitDefender the scam message contains a link which redirects the victims towards a fake website. This employs several PHP scripts designed for pilfering the sensitive data that the victims are asked to provide.



It also seems that fraudsters are getting greedier. After providing name and membership number, Barclays customers would then be taken to a page where they are asked to supply very sensitive information, such as their five digit passcode.



In this final step, a request for an apparently trivial piece of information slips in: the first two letters of the customer’s memorable word. This detail serves as a password recovery hint for online banking accounts.



“This last move should make the alarm bell ring quite loudly, but the most important thing to remember is not to click links in emails which require logins. It is good practice to always type website addresses in manually,” says Nick Billington.



To avoid becoming a victim of phishing attacks, follow the five common-sense tips below:



• Make sure you always activate or turn on your antiphishing or phishing filter, as well as any other security applications or suites before browsing to your e-banking account. Ideally, you should install, activate and update a reliable security solution.



• Make sure that the e-banking Web site uses SSL encryption (Secure Socket Layer) and security authentication methods – look for the “https” prefix and the locked padlock. If you are requested to accept a certificate for the session, check that the name on the certificate matches the name of the institution you wish to deal with and that the certificate is signed by a known Certificate Authority before accepting.



• Avoid using a non-secured computer (like a friend’s desktop or work colleague’s laptop). Still, if you are forced to do so, make sure you at least run BitDefender’s advanced scanning online tool, Quick Scan, before proceeding.



• Do not check your e-banking account from public computers connected to Internet (like those in a library or Internet CafĂ©).



• If you use a wireless connection, make sure that your connection is secured and encrypted and that you know and trust the owner of the access point; also, refrain from using an unsecured public wireless connection (like those in airports or hotels) when banking over the Internet. Still, if force to do so, use an on-screen (virtual keyboard) to enter sensitive data. Although not 100% bulletproof, this technique would guard your data from average keylogger and other sensitive data capture applications.



BitDefender will be participating at Infosecurity Europe 2010, the No. 1 industry event in Europe held on 27th – 29th April in its new venue Earl’s Court, London. The event provides an unrivalled free education programme, exhibitors showcasing new and emerging technologies and offering practical and professional expertise. For further information please visit www.infosec.co.uk





About BitDefender®



BitDefender is the creator of one of the industry’s fastest and most effective lines of internationally certified security software. Since its inception in 2001, BitDefender has continued to raise the bar and set new standards in proactive threat prevention, emerging as the industry’s anti-malware innovator. Every day, BitDefender protects tens of millions of home and corporate users across the globe — giving them the peace of mind of knowing that their digital experiences will be secure.



BitDefender solutions are distributed by a global network of value-added distribution and reseller partners in more than 100 countries worldwide. More information about BitDefender and its products are available at the company’s security solutions press room. Additionally, BitDefender’s www.malwarecity.com provides background and the latest updates on security threats helping users stay informed in the everyday battle against malware.



For more information visit http://www.bitdefender.co.uk



Contact:



Alan Wild

PR Manager BitDefender (UK and Ireland)

Tel: 0845 130 5096

E-mail: awild@bitdefender.co.uk



Issued by:



Mike Ottewell

MJO PR for BitDefender UK

Tel: 01538 361217

E-mail: mike@mjopr.com

Disqus for ePayment News