
If their intentions weren't so criminal you'd have to admire the efficiency
By silicon.com
Published: 14 November 2006 16:20 GMT
This morning news broke that the Nationwide building society had suffered the theft of a laptop which contained customer account information. The Financial Services Authority is currently investigating.
As the news broke you could almost hear the criminals, somewhere in Eastern Europe, counting to 10, waiting to launch a phishing scam exploiting this news.
Because while the basic principle of phishing hasn't changed, the tactics are evolving to employ ever more efficient social engineering techniques.
It used to be the case that phishing scams were pretty random. Send out five million emails to five million random strangers pretending to be from Barclays, or a similar bank, requesting the customer enter their bank details for some trumped-up reason.
It was a pretty scattergun approach and the returns were in no way guaranteed, especially as people wised up to the fact their bank – never mind a bank they don't even have an account with – would tend not to email them out of the blue, for no reason.
So now these scammers realise the need for a second string to their bow. As such, they are watching the news, waiting for a timely angle. The Nationwide security breach was perfect. Nationwide customers may well have seen the news, so an email popping into their inbox with Nationwide branding and nationwide.co.uk redirects, asking them to update their details due to a security breach, may have seemed to make more sense today than it would on any other day.
Of course this was still a scam. Hovering over the URLs revealed they really directed to Russian-hosted servers, and hopefully few people were taken in. But at least one member of the silicon.com team with a Nationwide account, who had seen the news this morning and who saw the subsequent phishing email, had to applaud the timing and initiative of these criminals.
The criminals are devising ever more cunning ways to exploit the fear and uncertainty which exists in some people's minds about using email and the internet, and this in turn requires consumers to be ever more vigilant.
Sadly, the rule of thumb now should be to regard everything with suspicion, even if it makes perfect sense that the bank should have contacted you.
If you are in any doubt, phone your bank and speak to somebody, but whatever you do, do not submit any bank details without 100 per cent confidence that you are doing so securely.