Security experts today warned that a single botnet is being used to bombard UK firms with millions of phishing emails.

According to BlackSpider Technologies, the huge botnet of zombie computers controls more than 20,000 distinct IP addresses. It began sending out the phishing emails on Sunday, and over 24 hours the security firm estimates it sent out more than 8.1 million emails.

The subject lines of the emails invariably refer to either NatWest or Bank of Scotland. Examples include:

The phishing emails contain an inline image and if recipients click on the image, they are directed to a website where they are instructed to input their personal information. Once entered, the information can then be used by the cyber criminals behind the attack to siphon cash from victims’ bank accounts.

James Kay, CTO, BlackSpider Technologies, said: “In security terms, phishing attacks are nothing new. What we’re not used to seeing, however, is such a high volume of phishing emails being directed by one source. Given the sheer number of emails involved in this attack, a lot of people could end up being duped and out of pocket.”