Security experts at Sophos, a world leader in protecting
businesses against viruses and spam, have welcomed the news that
Microsoft has acted to prevent a stream of recent email scams
designed to steal online banking details.
Microsoft has issued a security patch which reportedly secures a
vulnerability that had allowed scammers to "phish" for bank account
details and confidential information by disguising the internet
address of a fake website as that of legitimate online banks.
In recent months there have been a large number of reports of
computer users receiving emails claiming to be from online banks
with what seemed, on casual inspection, to be a link pointing to
the bank's website. However, the link would really redirect users
to a bogus website set up by the scammer. The bogus website would
typically mimic that of the genuine site, and ask the user to
confirm their account details, passwords, and other personal
details.
"It's good to see that Microsoft has patched against this
important security problem, before more online bank accounts were
drained by fraudsters," said Graham Cluley, senior technology
consultant at Sophos. "All computer users should ensure their
systems are properly protected with the latest patches."
Recently bogus emails have claimed to come from a number of
banks including Nationwide, NatWest, Barclays, Westpac and Halifax.
Computer users and system administrators can read more about the security patch on Microsoft's
website.
"Home users might consider checking out the services Microsoft
offers at windowsupdate.microsoft.com, which can scan your home
PC for security vulnerabilities and suggest which critical patches
need to be installed," continued Cluley.
The UK National Hi-Tech Crime Unit has said it has stepped up
its investigations of scams, but that there is a risk prosecutions
could be hampered by inadequate laws in the countries where some of
the scammers operate.
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.