NEWS A criminal element from Russia may be responsible for the recent spate of spoof emails that have attempted to con online-banking customers into revealing their account details.
Over the past month, Internet banking customers of Barclays, Lloyds TSB, Halifax and more recently, NatWest, have received emails that appear to be from their bank, asking them to confirm their personal details. The emails contain a hyperlink that takes the unsuspecting user to what looks like their bank's official Web site, but has actually been set up by a third party in order to collect details that could be used fraudulently.
The scam is reminiscent of the infamous "419" scam emails, where the scammer offers large sums of money in exchange for assistance with transferring funds out of Nigeria or other countries, but experts believe that the new frauds originate from Russia.
Pete Simpson, ThreatLab manager at software security company Clearswift, told ZDNet UK that although there is still no solid evidence that the Russians are behind the emails, a significant number of the scams have been originating from the same source.
"They appear to be coming out of Russia via an ISP in New Zealand at the minute, but that can switch any time," said Simpson. He added that the new scams are more organised than the 419 scams, representing "a concerted project as opposed to the odd fishing expedition."
The scammers are getting more creative in order to fool people into handing over valuable information, Simpson said, giving an example of a recent suspicious email disguised as a lucrative job offer. The email says that a total of 12 candidates have been short listed for a highly-paid job, but the recipient is offered the "first bite of the cherry" if they respond.
Simpson said that the recent bank scam emails will only be able to cause problems if people respond to them right away. "They tend to be short-lived affairs because if they get someone, the chances are that people will spot it and take various steps to shut the Web site down in a matter of hours," he said.
Because the emails are sent to so many people, it only takes a few responses to make the scam profitable, Simpson said. "There are a small number of people that will fall for it, but you only need a small return to make it worth while," he said.
Munir Kotadia writes for ZDNet UK
Comments
There are 5 comments. Join the discussion
1. anonymous
my 2 cents on this article:
- in what way is this similar to the nigerian scams? in that it's a scam?
- ... "no solid evidence that the Russians are behind the emails": who are "the russians", please?
2. anonymous
How have they got hold of the customer lists to do this?
3. Cameron
They don't have the customer lists, just sending mass emails, good old law of averages says they will get a hit every now and again.
We have warned all staff about this but funily enough no-one I spoke to had heard anything from the bank ???
4. Mike
I received one of these emails this morning, purportedly from HSBC, of whom I am not even a customer. I attempted for over 40 minutes (international call at my expense) to contact their fraud department without success, eventually left a message with the credit card loss department, who promised to have someone call me back and they haven't had the common courtesy to do so.
Guess who will NOT be in line if I ever need to review my currently satisfactory offshore banking arrangements.
5. Jim Price
I fear they must have lists. I have had two of these mails, the Coventry BS was very interested, concerned and helpful. After 15 minutes in HSBC call queue their agent couldn't get rid of me quick enough - 'no' they didn't want a copy and 'no' there was nobody I could e-mail about it. I am a customer of CBS and HSBC - I have not had such a mail relating to any other bank