UK bank hit by massive phishing attack

An antivirus company has identified 61 variants of spoofed emails targeting Barclays customers

Customers of Barclays Bank have been alerted to a range of phishing emails designed to steal online banking details. 

Antivirus company Panda Software has identified 61 variants of spoofed emails targeting Barclays customers. 

Panda said that 64 per cent of the phishing messages it has detected in the past few hours were aimed at the UK bank. 

The rush of spoof emails has pushed the number of overall phishing attacks up by 30 per cent.

"The false emails are designed to appear as if they have been sent from Barclays' customer services, with the subject field chosen at random from a list of options," said a statement from Panda Software.

"Some of these options include 'Barclays bank official update', 'Barclays bank Security update' and 'Please Read or Verify your data with Barclays bank'. "

The message text, imitating Barclays' corporate image, informs users that the bank is upgrading its software and that they should go to a link in order to confirm their bank details.

Users who click on the link will see a form similar to those used by the bank, requesting their account number, credit card number or Pin.

Panda warned that the 61 different variants of the email make it very likely that some will bypass anti-spam filters.

The attack also shows signs of being coordinated, since it was initiated in several places at the same time in order to spread rapidly.

It uses at least five false internet addresses based in Korea to hinder attempts to close all of the phishing sites quickly.

"This is a sophisticated attack in comparison with those that we usually see, " said Luis Corrons, director of Panda Labs.

"The use of several domains to host spoofed web pages makes it more difficult to disable them. The emails are also far more authentic looking than the usual, often error-strewn, messages."