Research from Tumbleweed Communications showed a 400% increase over the period in reports of e-mail fraud and phishing attacks. Working with the Anti-Phishing Working Group, they found more than 60 unique new e-mail fraud attacks were launched – with on-line financial institutions being the largest target group.
While the Bank of England does not have retail customers, an e-mail purporting to be from an administrator at the bank was sent indiscriminately across the internet, advising recipients to download an attached file as a safeguard against credit card fraud.
The Bank of England advised recipients not to download the file and to delete the e-mail immediately. The National Hi-Tech Crime Unit is now investigating. While some reports claim this to be a phishing scam, the nature of the attachment has not yet been made clear – leaving open the possibility that it is a virus, rather than a phishing scam.
Visa customers were victims of a more conventional phishing attack over the holiday period.
According to reports, spam e-mails advised Visa customers to link to a Visa web site in order to comply with a new security system. However, the site did not belong to Visa, but to fraudsters hoping to obtain customer account details. The site has now been removed.
Such attacks are not new, but still catch people out, relying on their trust in a familiar brand to perpetrate the fraud. Usually the phishers send their e-mail using a related trick, known as spoofing, where the identity of the sender is manipulated.
When offering a link to the site, it is easy to disguise the URL. A common trick in phishing scams is to use the @ symbol in the URL. Most browsers will ignore all characters preceding the @ symbol – so the URL http://[email protected] may look to the unsuspecting user like a page of Visa's site. But it simply takes visitors to phishingcrook.com. The longer the URL, the easier it is to conceal the true destination address. Similarly, subdomains are used – e.g. http://www.visa.com.phishingcrook.com again takes visitors to a page of the fraudster's site, rather than visa.com.
Meanwhile, another fraudulent e-mail was sent to Malaysian e-mail users, entitled "Urgent message to all citizens of Malaysia". According to CNET News.com, the e-mail warns of five forthcoming terrorist attacks, with details of the times and locations included. Readers are told that further information is available from a web site, but when the link is clicked a virus is downloaded to the computer.