Ulster Bank targeted in new phishing email scam
A new phishing attack targeting customers of Ulster Bank has been discovered, weeks after a similar fraud was attempted on AIB. Websense Security Labs revealed today that it has received reports of the fraud, whereby users receive a spoofed email message claiming that their account details must be verified due to software maintenance and system upgrades. The message links to a phishing website that requests users to log on and provide account details.
This is a common ploy for such scams as users are tricked into entering their login details, believing that they are accessing the genuine bank website. In fact, the site is a fake and the confidential passwords are at risk of ending up in the hands of third parties. According to Websense, the phishing site is hosted in the US and was up at the time it issued the alert, around noon on Tuesday 27 June.
Sample text of the email shows that it appears to come from Jim McDermott, online security advisor at Ulster Bank. However, a spokesperson for the bank confirmed to siliconrepublic.com that there is no employee by that name in that role.
The email asks users to verify their account details in order for the bank to carry out planned software maintenance. In an effort to make the order seem urgent, the message claims that this exercise is obligatory for all Ulster Bank customers. It also claims that for security reasons, users' accounts may be suspended if they are not properly verified before Saturday 31 June.
This is believed to be the first phishing fraud to use the Ulster Bank name. Previous attempts against Irish consumers have targeted AIB, Bank of Ireland and the credit card issuer MBNA. AIB was targeted as recently as early June.
Ulster Bank said it "takes fraud extremely seriously and has stringent security processes in place to protect its customers, which we constantly review". The bank added that it would never ask customers to provide this type of information by email and urged any customer receiving such a message to delete it without responding. Anyone who has responded to the message is requested to contact the bank immediately.
"When customers log onto Ulster Bank Internet Banking they are only ever asked for random digits or letters from their password and PIN," the statement continued. "We would never ask for a customer's full PIN and password."
Reproduced from an article published by SiliconRepublic.com
© SiliconRepublic.com
The original article can be viewed here:
http://www.siliconrepublic.com/news/news.nv?storyid=single6657
Permalink Bookmark Digg this story
