Two separate phishing attacks this week have used a new technique in which VoIP systems are used to imitate a bank's call centre.
The phishing emails are fairly standard, warning of a problem with the user's account and asking them to get in touch.
But the emails give a phone number leading to a VoIP account, with an operator on the end pretending to be from the bank in question or an automated system asking for account details.
"We have seen two separate VoIP attacks hit our network this week, the first we've been able to analyse in detail," said Adam O'Donnell, senior research scientist at anti-spam firm Cloudmark, which detected the attacks.
"In a VoIP phishing attack, the phone system identifies itself to the target as the financial institution and prompts them to enter account number and Pin. The result can be financially devastating."
VoIP-based services allow phishers to add and cancel phone numbers that are harder to trace than conventional numbers.
Geoengineering on the sea floor near glaciers would form a new ice shelf to prevent melting
Alterations in capillary blood flow can be caused by body position change
Curiosity rover is in 'normal mode' but not transmitting scientific data back to base
NatWest outage comes a day after Barclays' IT systems shut out customers and staff