The first set of e-mails was sent on Friday, targeting NatWest
customers. This was followed over the weekend by random mailings
looking for Halifax, Nationwide, and Barclays users.
The e-mails instructed customers to divulge their account
details on a web site designed to look like the purported senders'
site, advising them that this was necessary for a security check to
be carried out. Instead, the fraudsters would empty the customers'
accounts.
Phishing attacks are not new, but they still catch people out,
relying on victims' trust in a familiar brand to perpetrate the fraud.
Usually the phishers send their e-mail using a related trick, known
as spoofing, in which the identity of the sender is manipulated to
foster that trust.
According to advice given by the National Hi-Tech Crime Unit
(NHTCU) only last week, the phishing scams may be the first stage
in a more complex fraud, whereby the fraudsters, typically located
outside the UK, need help from intermediaries to transfer money
abroad from the victims' on-line accounts.
Over the past few weeks, the fraudsters have tried recruiting
intermediaries through another spam attack that offers recipients the
chance to make some easy money by acting as a UK agent to a
business overseas. Recipients are asked to receive funds into their
account and send the funds overseas, less a commission. If someone
agrees to help, their account is used as part of the scam to send
the stolen funds overseas.
The NHTCU, APACS (the Association for Payment Clearing Services)
and the BBA (British Bankers' Association) have issued a checklist
for UK consumers to help protect themselves against such scams.
The checklist covers, for example, knowing who you're dealing
with, keeping passwords safe, and checking your bank
statements.