PandaLabs has detected a large-scale phishing attack targeting clients of Barclays Bank’s online services and involving at least 61 variants of a spoof email. The scale of this attack has seen the number of fraudulent emails detected by PandaLabs increase by 30 percent in just a few hours.
In fact, of all phishing messages currently analyzed, some 64 percent target Barclays’ clients. Given the number of variants detected, estimates put the number of these emails in circulation at several million.
The false emails received by users are designed to appear as if they have been sent from Barclays´ customer services, with the subject field chosen at random from a list of options. Some of these options include: Barclays bank official update, Barclays bank – Security update, Please Read or Verify your data with Barclays bank (the full list is available at Panda Software’s Virus Encyclopedia).
The message text, imitating Barclays’ corporate image, informs users that the bank is upgrading software and that they should go to a link in order to confirm their bank details. Users that click on the link will access a form, similar to those used by the bank, requesting their account number, credit card number or PIN. There are 61 different variants of this message, using a wide range of message subjects and sender addresses. This tactic is used deliberately in order to bypass antispam systems.