In this section

• Home
• Press office
• News archive
• Articles
• 2004
• 11

• Journalists' guide
• News archive

Talk to our experts

• Press contacts

Resources

• Sophos Podcasts
• Image gallery
• Customer case studies
• Free anti-virus
• White papers
• Awards and reviews
• Industry affiliations

Sophos blogs

• SophosLabs blog
• Graham Cluley's blog
• Paul Ducklin's blog
• Chet's blog

Info feeds

• Security news
• Company news
• More...

What are info feeds?

17 November 2004

NatWest suspends online banking services to deflect new phishing attack, Sophos comments

NatWest bank has today been forced to suspend some of its online banking services as it has come under attack from a new phishing scam. Customers logging on to NatWest's online banking service are being advised that they cannot create or amend third party payment mandates or create standing orders.

NatWest has taken these measures following the emergence of an email, which masquerades as an official software update from the bank, which may result in online customers divulging their passwords and unwittingly providing access to their bank accounts.

"Phishing attacks are nothing new - millions of bogus emails are sent every day trying to empty the bank accounts of innocent customers. However, it's rare that these scams result in a bank deciding to shut down some of its online services. It's good to see a financial institution has taken quick action to protect its customers from potential fraud although there may be some inconvenience," said Graham Cluley, senior technology consultant for Sophos. "NatWest customers, and indeed anyone banking online, should remember to be extremely suspicious of unexpected emails that appear to have come from their bank, and never to click on links contained within them."

Defend yourself against phishing scams

Sophos has released three top tips to help online banking customers avoid becoming phishing victims:

• Be wary of emails purporting to come from your bank, and never click on links contained in the emails. Instead, type the website of your bank into your web browser.
• Always run up-to-date anti-virus and anti-spam software, keep security patches up-to-date and defend your computer from hackers with a firewall. This can help protect against Trojan horses and viruses which may be trying to steal confidential login information from you.
• Be cautious of pop-up windows and forms which may appear in front of your online banking website - they may be trying to steal information and send it to hackers.

Sophos has published further information about how to avoid phishing attacks

Sophos recommends companies protect themselves with a consolidated solution which can defend businesses from the threats of both spam and viruses.

• Bookmark with del.icio.us
• Submit this story to digg
• Submit this story to slashdot