A large-scale phishing attack targeting Barclays Bank and involving at least 61 variants of a spoof email has been exposed.
The attack caused a 30 percent increase in fraudulent emails in just a few hours, according to security company PandaLabs. Of all phishing messages being sent at the moment, 64 percent are targeting Barclays' clients, equating to several million emails.
Panda Software's managing director, Jeremy Matthews, warned: "We believe this could be a co-ordinated attack, initiated in several places at the same time, in order to spread rapidly and gather a considerable amount of confidential bank details in record time.
"This is a very sophisticated attack in comparison with those that we usually see. The use of several domains to host spoofed web pages makes it more difficult to disable them. The emails are also far more authentic-looking than the usual, often error-strewn messages."
The false emails are designed to appear as if they have been sent from Barclays' customer services, with the subject field chosen at random from a list of options. Some of these options include: "Barclays bank official update"; "Barclays bank – Security update"; "Please Read"; or "Verify your data with Barclays bank".
The message text, imitating Barclays' corporate look, informs users that the bank is upgrading software and that they should follow a link in order to confirm their bank details. Users who click on the link are taken to a form, similar to those used by the bank, requesting their account number, credit card number or PIN. There are 61 different variants of this message, using a wide range of message subjects and sender addresses, in order to bypass antispam systems.
It is significant that not all of the email messages point to the same internet address in order to collect stolen data. In fact, the criminals have prepared at least five false domains to hinder attempts to close them down. PandaLabs is contacting the technicians in charge of the sites that have been located – all of them in Korea – in order to shut them down as quickly as possible.