It seems that the e-mail purporting to come from Barclays was sent as spam, going to random addresses in the hope that it would hit the inboxes of some Barclays customers.
It instructed customers to divulge their account details on a web site designed to look like the bank's, advising them that this was necessary for a security check to be carried out. Instead, the fraudsters would empty the customers' accounts.
Phishing attacks are not new, but still catch people out, relying on their trust in a familiar brand to perpetrate the fraud. Usually the phishers send their e-mail using a related trick, known as spoofing, where the identity of the sender is manipulated to foster that trust.
A spokeswoman for Barclays told Reuters, "Barclays is in no way involved with this e-mail and the web site does not belong to us," Referring to the fraudulent sites, she confirmed, "We have now closed down five of the six web sites and locked the sixth."
Until the matter is resolved, said the spokeswoman, Barclays would restrict on-line withdrawals to £500. The police are investigating.