Phishing expedition hits four banks and building societies

The first set of e-mails was sent on Friday, targeting NatWest customers. This was followed over the weekend by random mailings looking for Halifax, Nationwide, and Barclays users.

The e-mails instructed customers to divulge their account details on a web site designed to look like the purported senders' site, advising them that this was necessary for a security check to be carried out. Instead, the fraudsters would empty the customers' accounts.

Phishing attacks are not new, but still catch people out, relying on their trust in a familiar brand to perpetrate the fraud. Usually the phishers send their e-mail using a related trick, known as spoofing, where the identity of the sender is manipulated to foster that trust.

According to advice given by the National Hi-Tech Crime Unit (NHTCU) only last week, the phishing scams may be the first stage in a more complex fraud, whereby the fraudsters, typically located outside the UK, need help from intermediaries to transfer money abroad from the victims' on-line account.

Over the past few weeks, they have tried recruiting intermediaries by another spam attack that offers recipients the chance to make some easy money by acting as a UK agent to a business overseas. They are asked to receive funds into their account and send the funds overseas, less a commission. If someone agrees to help, their account is used as part of the scam to send the stolen funds overseas.

The NHTCU, APACS (the Association for Payment Clearing Services) and the BBA (British Bankers' Association) have issued a checklist for UK consumers to help protect themselves against such scams.

The checklist covers, for example, knowing who you're dealing with, keeping passwords safe, and checking your bank statements.