It seems that the e-mail purporting to come from Barclays was
sent as spam, going to random addresses in the hope that it would
hit the inboxes of some Barclays customers.
It instructed customers to divulge their account details on a
web site designed to look like the bank's, advising them that this
was necessary for a security check to be carried out. Instead, the
fraudsters would empty the customers' accounts.
Phishing attacks are not new, but still catch people out,
relying on their trust in a familiar brand to perpetrate the fraud.
Usually the phishers send their e-mail using a related trick, known
as spoofing, where the identity of the sender is manipulated to
foster that trust.
A spokeswoman for Barclays told Reuters, "Barclays is in no way
involved with this e-mail and the web site does not belong to us,"
Referring to the fraudulent sites, she confirmed, "We have now
closed down five of the six web sites and locked the sixth."
Until the matter is resolved, said the spokeswoman, Barclays
would restrict on-line withdrawals to £500. The police are
investigating.
