Bank scam may originate from Russia

Summary:Emails attempting to trick customers out of their bank account details could be a Russian version of the 419 email scam, according to a security expert

A criminal element from Russia may be responsible for the recent spate of spoof emails that have attempted to con online-banking customers into revealing their account details.

Over the past month, Internet banking customers of Barclays, Lloyds TSB, Halifax and more recently, NatWest, have received emails that appear to be from their bank, asking them to confirm their personal details. The emails contain a hyperlink that takes the unsuspecting user to what looks like their bank's official Web site, but has actually been set up by a third party in order to collect details that could be used fraudulently.

The scam is reminiscent of the infamous "419" scam emails, where the scammer offers large sums of money in exchange for assistance with transferring funds out of Nigeria or other countries, but experts believe that the new frauds originate from Russia.

Pete Simpson, ThreatLab manager at software security company Clearswift, told ZDNet UK that although there is still no solid evidence that the Russians are behind the emails, a significant number of the scams have been originating from the same source. "They appear to be coming out of Russia via an ISP in New Zealand at the minute, but that can switch any time," said Simpson. He said that the new scams are more organised than the 419 scams, representing "a concerted project as opposed to the odd fishing expedition."

The scammers are getting more creative in order to fool people into handing over valuable information, Simpson said, giving an example of a recent suspicious email disguised as a lucrative job offer. The email says that a total of 12 candidates have been short listed for a highly-paid job, but the recipient is offered the "first bite of the cherry" if they respond.

Simpson said that the recent bank scam emails will only be able to cause problems if people respond to them right away. "They tend to be short-lived affairs because if they get someone, the chances are that people will spot it and take various steps to shut the Web site down in a matter of hours," he said.

Because the emails are sent to so many people, it only takes a few responses to make the scam profitable, Simpson said. "There are a small number of people that will fall for it, but you only need a small return to make it worth while," he said.

Topics: Security

About

Munir first became involved with online publishing in 1998 when he joined ZDNet UK and later moved into print publishing as Chief Reporter for IT Week, part of ZDNet UK, a weekly trade newspaper targeted at Enterprise IT managers. He later moved back into online publishing as Senior News Reporter for ZDNet UK.Munir was recognised as Austr... Full Bio

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.