Bitdefender has warned that 0.5 per cent of all spam sent worldwide is targeting customers of some of the most popular British financial institutions and services, including PayPal, Lloyds Banking Group, HSBC Holdings and Barclays Bank. These e-mails are designed to steal critical bank-related data by tricking people into typing in sensitive identification information including banking username and password, credit card number, expiration date, name and country. Some spam e-mails deliver fake bank forms, while others distribute the infamous Zbot Trojan hidden in attachments allegedly sent by reputable financial institutions.

Catalin Cosoi, Chief Security Strategist at Bitdefender, says: “0.5 per cent of phishing e-mails might sound like a small number, but phishing attacks are less random than other types of spam. Some phishers send a message for a few hours, stop to alter the content or attachment to avoid detection and then send it again.”

On average, phishing accounts for three per cent of unsolicited e-mails sent worldwide. Last year the UK was the country hit by the highest number of phishing attacks, mainly due to the prevalence of internet connections in British households, more than 80 per cent according to the UN’s net-connectivity table. As eager adopters of online banking services, Britons are priority targets for phishing attacks.

Bitdefender’s anti-spam lab found some spammers sharing servers or recipient lists, with spam e-mails targeting Lloyds and HSBC being sent from servers located in countries including Russia, Italy, the US, India, Australia and the United Arab Emirates.

Bitdefender cites three recent examples of phishing e-mails sent under the guise of UK financial institutions, and advises that consumers should be cautious when opening e-mails purporting to be from financial establishments. A recent message allegedly sent by Lloyds informed users that they had received a new payment and invited them to open a malicious attachment. A similar message allegedly from HSBC advised of a failed payment, yet was designed to deliver the Zbot Trojan with the intention of collecting as much financial data from active bank accounts as possible. A message impersonating Barclays notified customers that their accounts had been temporarily suspended and prompted them to fill in data within an attachment in order to reactivate them. This attachment was, however, an executable file designed to download Zeus onto their systems.

“As a rule of thumb, remember that banks never ask customers to divulge sensitive data via e-mail,” advises Cosoi. “When in doubt, users should always call the bank or, better yet, go to the nearest branch to ask for more details in person. A good security solution will mark the unsolicited e-mails as spam and block phishing pages as malicious or suspicious.”
Brian Sims BA (Hons) Hon FSyI, Editor, Risk UK (Pro-Activ Publications) Beginning his career in professional journalism at The Builder Group in March 1992, Brian was appointed Editor of Security Management Today in November 2000 having spent eight years in engineering journalism across two titles: Building Services Journal and Light & Lighting. In 2005, Brian received the BSIA Chairman’s Award for Promoting The Security Industry and, a year later, the Skills for Security Special Award for an Outstanding Contribution to the Security Business Sector. In 2008, Brian was The Security Institute’s nomination for the Association of Security Consultants’ highly prestigious Imbert Prize and, in 2013, was a nominated finalist for the Institute's George van Schalkwyk Award. An Honorary Fellow of The Security Institute, Brian serves as a Judge for the BSIA’s Security Personnel of the Year Awards and the Securitas Good Customer Award. Between 2008 and 2014, Brian pioneered the use of digital media across the security sector, including webinars and Audio Shows. Brian’s actively involved in 50-plus security groups on LinkedIn and hosts the popular Risk UK Twitter site. Brian is a frequent speaker on the conference circuit. He has organised and chaired conference programmes for both IFSEC International and ASIS International and has been published in the national media. Brian was appointed Editor of Risk UK at Pro-Activ Publications in July 2014 and as Editor of The Paper (Pro-Activ Publications' dedicated business newspaper for security professionals) in September 2015. Brian was appointed Editor of Risk Xtra at Pro-Activ Publications in May 2018.