To print: Click here or Select File and then Print from your browser's menu

This story was printed from silicon.com, located at http://www.silicon.com/

Story URL: http://networks.silicon.com/webwatch/0,39024667,10006005,00.htm

Barclays is latest target of spoofed website fraud
Dodgy email tries to get people to enter account info at fake site

By Andy McCue

Published: Monday 15 September 2003

Barclays Bank is the latest company to have its customers targeted by fraudsters using spam emails and spoofed websites to try and get them to divulge account information and personal details.

Following hot on the heels of the high-profile PayPal and Citibank scams, an email began spreading at the end of last week passing itself off as Barclays customer care asking people to click on a link to what was one of six spoofed Barclays websites.

Those who clicked through were asked to enter account details, Pin numbers and personal information.

Barclays said it received around 400 calls both from customers and non-customers who had received the email and that only a handful had divulged their information.

A spokeswoman said the National Hi-Tech Crime Unit has been contacted and those accounts were frozen immediately and are now being monitored for signs of fraudulent activity. Five of the six spoofed sites have been taken down and the other one frozen.

In addition the bank set a £500 limit on payments out of online accounts to limit any potential fraud losses. The spokeswoman said customers were being warned of the scam and advised them to just ignore the email.

"We have put some notices up on our websites warning customers not to divulge their information but we would never ask customers for that information in that way. Just delete the email," she said.

Chris McNab, technical director of security consultancy Matta, said user education is the main weapon in fighting this kind of fraud, along with a good spam filter to stop these emails getting through to people's inboxes in the first place.