Leader: Phishers raise their game

If their intentions weren't so criminal you'd have to admire the efficiency

This morning news broke that the Nationwide building society had suffered the theft of a laptop which contained customer account information. The Financial Services Authority is currently investigating.

As the news broke you could almost hear the criminals, somewhere in Eastern Europe, counting to 10, waiting to launch a phishing scam exploiting this news.


Because while the basic principle of phishing hasn't changed, the tactics are evolving to employ ever more efficient social engineering techniques.

It used to be the case that phishing scams were pretty random. Send out five million emails to five million random strangers pretending to be from Barclays, or a similar bank, requesting the customer enter their bank details for some trumped-up reason.

It was a pretty scattergun approach and the returns were in no way guaranteed, especially as people wised up to the fact their bank – never mind a bank they don't even have an account with – would tend not to email them out of the blue, for no reason.

So now these scammers realise the need for a second string to their bow. As such, they are watching the news, waiting for a timely angle. The Nationwide security breach was perfect. Nationwide customers may well have seen the news, and therefore an email popping into their inbox, with Nationwide branding and nationwide.co.uk redirects, asking them to update their details due to a security breach, may have seemed to make more sense today than it would on any other day.

Of course this was still a scam. Hovering over the URLs revealed they really directed to Russian-hosted servers and hopefully few people were taken in. But at least one member of the silicon.com team with a Nationwide account, who had seen the news this morning and who saw the subsequent phishing email, had to applaud the timing and initiative of these criminals.

The criminals are devising ever more cunning ways to exploit the fear and uncertainty which exists in some people's minds about using email and the internet, and this in turn requires consumers to be ever-more vigilant.

Sadly the rule of thumb now should be to regard everything with suspicion even if it makes perfect sense that the bank should have contacted you.

If you are in any doubt, phone your bank and speak to somebody, but whatever you do, do not submit any bank details without 100 per cent confidence that you are doing so securely.

Comments

There is 1 comment.

  1. James Button

    Yes call the number given and pass 'security'

    But - seriously - use the number that's given on your statements - not the email, or letter asking you to call.

    And - that cold call from your bank offering you a goodie - they'll tell you once you pass the security check..
    Ask them to prove they are your bank by passing your security.
    (No the mobile phone number of their mate in the next seat on the bus isn't good enough, even if they do confirm the original caller is 'genuwine')

    If they cannot prove who they are, and that they have been 'Authorised' to call you, and can provide details of your security codes, then fill in a complaint form at the bank and make the manager write and explain the bank's security policy regarding losses after you have told a cold caller your security details.
    Then complain again asking for an explanation as to why they are involved in cold calling marketing, and what they think that does to their legal status regarding fraud.

    Barclays, NatWest, HSBOS, LloydsTSB, Abbey, - how about a response in this forum

    • 16 November 2006 14:46