Web monitoring firm Websense has warned of the attack, which Virgin Money confirmed had already caught two customers. The attack was detected early this morning.
"We are currently looking into this," said John Franklin, PR manager at Virgin Money. "We are getting information from our security team who are looking into it at the moment. So far only two people have been hit as far as we are aware."
Franklin explained that Virgin Money had a dedicated team of security personnel who collect and analyse evidence of attacks in an effort to protect customers.
The emails target credit card customers only, suggesting that the purpose is to perpetrate fraudulent e-commerce transactions or to print cloned cards for use in retail stores.
Large numbers of the emails have been spammed out threatening Virgin Money customers with cancellation of their credit cards if they do not re-enter their details. The emails contain the following text:
We notice that you haven't used our online service recently, and we don't want you to miss out on the fantastic services available to you. If you do not login online within 5 days your account will be temporarily shutdown so no one with unautharised [sic] access can access the account in your absence. To avoid this please follow the following link and login to your account.'
By clicking on the enclosed link the user is taken to a third-party website convincingly designed to mimic the Virgin Money site.
Dr Kuan Hon criticises GDPR consent emails that will only eviscerate marketing databases and 'media misinformation'
Apple squashes Steam Link app on 'business conflicts' grounds
Philip Hammond wants to forget rules that the UK agreed with the EU to ban non-European companies from the satellites
Instapaper to 'go dark' in Europe until it can work out GDPR compliance