Computer security company BitDefender says Barclays’ customers have been the target of a new phishing attack.

It reported the phishing attack involved a trick email which tried to lure the Barclays customers to a false Barclays website. The email stated Barclays had been acquired by another company as a result of the lending crisis.

To increase the sense of urgency and the need to take swift action, the email used the words, “We temporarily suspend access to your user…”, plus the old chestnut, “…in order to avoid further action…” hinting that failure to do as the email said, would mean a cessation of banking services.

And the message contained a link which directed the readers of the message to the false website. Once on the false website – made to look like an official Barclays web space – the banks’ customers were being asked not only for their very sensitive five digit passcode, but also details of their memorable word. This detail is useful as its used as a password recovery hint for online bank accounts.

Nick Billington, BitDefender UK managing director, warned people to be on the watch for such blatant attacks. He said:
“Banks do not send out this type of message, under any circumstances. Users should approach any unsolicited message seeking personal data with extreme scepticism. If in doubt simply delete the email.

“But the most important thing to remember is not to click links in emails which require logins. It is good practice to always type website addresses in manually.”

How to protect yourself from phising scams

To help people avoid being taken for a ride by such scams, BitDefender reminds everyone of some common sense rules.

Firstly, use an anti-phishing filter, as well as tour other security applications provided by your security suite, before you browse onto your online bank account. Secondly, ensure that the site your bank’s site uses SSL encryption (Secure Socket Layer) and security authentication methods – look for the “https” prefix and the locked padlock.

Thirdly, avoid using a non-secured computer; don’t use any computer but your own and that should have good computer security applications running in the background. Fourthly, along the same lines as the previous point, do not ever use public computers to check your bank details.

And fifthly, if you are using your own laptop say on the road, do not use wireless connections unless they can be secured and encrypted. Wireless signals can be ‘captured’ and sensitive information hijacked; what’s known in the jargon as a drive by attack.

So, online banking is convenient and a useful tool, but always be aware that access to your account is what the cyber-criminals are after.

Guest Article by Neil Camp