Sep 14 2006

Barclays Bank is warning its customers to be aware of a range of phishing emails designed to steal their online banking details.

Panda Software, an antivirus company, said that several hours of investigation some 64 per cent of phishing email it had detected were aimed at Barclays customers, pushing up the number of overall phishing attacks by 30 per cent.

The online security firm said that so far 61 variants of the phishing emails aimed at Barclays have been identified, making it likely that at least some will evade anti-spam filters.

A statement from Panda Software said: 'The false emails are designed to appear as if they have been sent from Barclays' customer services, with the subject field chosen at random from a list of options," said a statement from Panda Software.

'Some of these options include 'Barclays bank official update', 'Barclays bank Security update' and 'Please Read or Verify your data with Barclays bank'.

The messages ape Barclay's corporate image, informing users that the high-street bank is updating its software and requesting they follow a link to confirm their bank details. Users will then be asked to enter their account number, credit card number and PIN.

More than five false internet addresses in Korea are being used to avoid all attempts at closing the sites down, leading many experts to conclude the attack is coordinated.

Luis Corrons, director of Panda Labs, said: 'This is a sophisticated attack in comparison with those that we usually see.

'The use of several domains to host spoofed web pages makes it more difficult to disable them. The emails are also far more authentic looking than the usual, often error-strewn, messages.'