17 Nov 2004
NatWest suspends online banking services to deflect new phishing attack, Sophos comments
NatWest bank has today been forced to suspend some of its online banking services as it has come under attack from a new phishing scam. Customers logging on to NatWest's online banking service are being advised that they cannot create or amend third party payment mandates or create standing orders.
NatWest has taken these measures following the emergence of an email, which masquerades as an official software update from the bank, which may result in online customers divulging their passwords and unwittingly providing access to their bank accounts.
Â
"Phishing attacks are nothing new - millions of bogus emails are sent every day trying to empty the bank accounts of innocent customers. However, it's rare that these scams result in a bank deciding to shut down some of its online services. It's good to see a financial institution has taken quick action to protect its customers from potential fraud although there may be some inconvenience," said Graham Cluley, senior technology consultant for Sophos. "NatWest customers, and indeed anyone banking online, should remember to be extremely suspicious of unexpected emails that appear to have come from their bank, and never to click on links contained within them."
Defend yourself against phishing scams
Sophos has released three top tips to help online banking customers avoid becoming phishing victims:
- Be wary of emails purporting to come from your bank, and never click on links contained in the emails. Instead, type the website of your bank into your web browser.
- Always run up-to-date anti-virus and anti-spam software, keep security patches up-to-date and defend your computer from hackers with a firewall. This can help protect against Trojan horses and viruses which may be trying to steal confidential login information from you.
- Be cautious of pop-up windows and forms which may appear in front of your online banking website - they may be trying to steal information and send it to hackers.
Sophos has published further information about how to avoid phishing attacks
Sophos recommends companies protect themselves with a consolidated solution which can defend businesses from the threats of both spam and viruses.
About Sophos
More than 100 million users in 150 countries rely on Sophos as the best protection against complex threats and data loss. Sophos is committed to providing security and data protection solutions that are simple to manage, deploy and use and that deliver the industry's lowest total cost of ownership. Sophos offers award-winning encryption, endpoint security, web, email, and network access control solutions backed by SophosLabs - a global network of threat intelligence centers. With more than two decades of experience, Sophos is regarded as a leader in security and data protection by top analyst firms and has received many industry awards.
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.