The Bank of England warned customers of an email sting using its name that could be designed to steal financial information or computer passwords on Tuesday.
A bogus email claiming to come from the bank has been sent to at least 100,000 people. The email is forged so that it appears to come from the non-existent address admin@bankofengland.co.uk. The message carries an attachment and advises the recipient to open it in order to remove any snooping software that may be lurking.
The attachment could contain a 鈥渒ey-logger鈥 鈥 a program which memorises the user鈥檚 keystrokes and may pick up and relay potentially valuable information like passwords. Or it could carry a 鈥淭rojan horse鈥 鈥 a program which allows a cyber intruder to remotely control someone else鈥檚 computer. These could be used to steal information from an unwitting victim.
Advertisement
This latest sting is the first time the Bank of England, the UK鈥檚 central bank, has been targeted by such a scam.
The bank has alerted the UK鈥檚 National Hi-Tech Crime Unit (NHTCU) which has launched an investigation. However, a spokeswoman for the NHTCU says tests have so far failed to determine what the email attachment is designed to do.
Automated messages
鈥淲e鈥檙e still investigating,鈥 she told New 杏吧原创. She adds that there are no reports of customers experiencing problems after opening the attachment. The email sting has been traced to Germany but may have originally come from somewhere else, the spokeswoman says.
The bank says it hopes customers would be suspicious of such an unsolicited message carrying an attachment. 鈥淲e are hoping people will realise it鈥檚 something they should just delete,鈥 a spokeswoman says.
The trick was discovered after the bank received thousands of replies, many of them automated messages from people on holiday over the festive period. 鈥淭he security of your personal and account information is extremely important to us,鈥 the bogus message reads. 鈥淏y practising good security habits, you can help us ensure that your private information is protected. Please install our special software.鈥
A number of so-called 鈥phishing鈥 scams have targeted other UK banks in recent months. These involve directing victims to a bogus web site where they are asked to enter sensitive bank information such as account details and pin codes. In October, the Halifax and the NatWest banks shut down their web sites after customers were sent phishing emails. Other UK banks including Barclays, Lloyds TSB and the Nationwide Building Society have also been targeted.