Free Newsletter
Register for our Free Newsletters
Access Control
Deutsche Zone (German Zone)
Education, Training and Professional Services
Government Programmes
Guarding, Equipment and Enforcement
Industrial Computing Security
IT Security
Physical Security
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor

Phishing Scam Targets Customers of Barclays Bank

BitDefender UK : 16 March, 2010  (Technical Article)
BitDefender has provided advice aimed at Barclays Bank customers to avoid falling victim to phishing attempts which seek to gain confidential password information for access to bank accounts
According to BitDefender, a new phishing attempt has been launched using a misleading email in an attempt to trick potential victims towards a fake Barclays website. The spam message states that the bank has been acquired in the wake of the lending crisis.

The urgency of the matter is emphasised by the specification that " We temporarily suspended access to your user". As if that was not enough pressure, the recipients are urged to input their identification data, "in order to avoid further actions", which are assumed to be limiting their use of the online banking services even more.

"Banks do not send out this type of message, under any circumstances," warns BitDefender UK managing director, Nick Billington. "Users should approach any unsolicited message seeking personal data with extreme scepticism. If in doubt simply delete the email," adds Billington.

According to BitDefender the scam message contains a link which redirects the victims towards a fake website. This employs several PHP scripts designed for pilfering the sensitive data that the victims are asked to provide.

It also seems that fraudsters are getting greedier. After providing name and membership number, Barclays customers would then be taken to a page where they are asked to supply very sensitive information, such as their five digit passcode.

In this final step, a request for an apparently trivial piece of information slips in: the first two letters of the customer's memorable word. This detail serves as a password recovery hint for online banking accounts.

"This last move should make the alarm bell ring quite loudly, but the most important thing to remember is not to click links in emails which require logins. It is good practice to always type website addresses in manually," says Nick Billington.

To avoid becoming a victim of phishing attacks, follow the five common-sense tips below:

• Make sure you always activate or turn on your antiphishing or phishing filter, as well as any other security applications or suites before browsing to your e-banking account. Ideally, you should install, activate and update a reliable security solution.

• Make sure that the e-banking Web site uses SSL encryption (Secure Socket Layer) and security authentication methods - look for the "https" prefix and the locked padlock. If you are requested to accept a certificate for the session, check that the name on the certificate matches the name of the institution you wish to deal with and that the certificate is signed by a known Certificate Authority before accepting.

• Avoid using a non-secured computer (like a friend's desktop or work colleague's laptop). Still, if you are forced to do so, make sure you at least run BitDefender's advanced scanning online tool, Quick Scan, before proceeding.

• Do not check your e-banking account from public computers connected to Internet (like those in a library or Internet Café).

• If you use a wireless connection, make sure that your connection is secured and encrypted and that you know and trust the owner of the access point; also, refrain from using an unsecured public wireless connection (like those in airports or hotels) when banking over the Internet. Still, if force to do so, use an on-screen (virtual keyboard) to enter sensitive data. Although not 100% bulletproof, this technique would guard your data from average Keylogger and other sensitive data capture applications.

BitDefender will be participating at Infosecurity Europe 2010, the No. 1 industry event in Europe held on 27th - 29th April in its new venue Earl's Court, London. The event provides an unrivalled free education programme, exhibitors showcasing new and emerging technologies and offering practical and professional expertise.
Bookmark and Share
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
   © 2012
Netgains Logo