
Banks investigate security breach allegations


Santander and NatWest Banks are investigating a potential security breach of customers' email accounts, following the discovery of a new Trojan attack that has alarmed some recipients.


The malware, which was revealed by Belgian security firm MX Lab on Monday 4th November, uses a fake email from NatWest about a ‘Direct debiting seminar’ to distribute Trojan software.

But when MX Lab CEO Peter Louies blogged to reveal the attack, comments back suggested the Trojan had been sent to private email addresses that should only be known to, and used by, Santander Bank and by the Government Gateway and NatWest FastPay service.

One commentator, ‘Fs Ck’, said: “Interestingly I have had two emails to two addresses EXCLUSIVELY used with Santander in UK. I run all my banking in a non-persistent Linux live-distro and therefore this MUST have been from a bank security breach. I have around 500 different email addresses and not a single one of the others have had a similar email in five years. In fact no spam filtering and this is the first phishing email in five years. Santander – you have been hacked…”

Another commentator, ‘Steven K’, replying to the possibility that Easyspace hosting might also be a factor, emphasised: “I also had this email on an account ONLY used by Santander UK; I've never had anything to do with Easyspace. What are the chances of Santander owning up and emailing everybody in their mailing list and warning them their email addresses have been exposed? I would rate it at slim to none...”

A third commentator, ‘Chas’, said they had received the spear phish to a number of email addresses - “but one of them has only been used with Government Gateway and NatWest FastPay”.

Santander's UK information security team was looking into the reports as SC Magazine UK went to press. Meanwhile, a NatWest/RBS Bank spokesperson commented: “We take security very seriously and will investigate further. However, at this time, we have no indication that the bank has suffered a breach.”

Peter Louies at MX Lab said the ‘NatWest’ email purports to come from Graham Nevin, a senior relationship manager based in Sheffield. The wording is plausible and a LinkedIn profile exists for Nevin.

The malware is among a spate of recent banking and finance-based attacks. Louies said MX had discovered other Trojan campaigns this week based on spoof emails from the UK's Inland Revenue and Companies House.

Elsewhere, security blogger Bart Blaze of Panda Security last week reported a new variant of the Caphaw banking malware being distributed via Skype. Caphaw, also known as Shylock, targets the customers of at least 24 major banks including Bank of Scotland, Barclays and the Co-Operative Bank.

Meanwhile, a survey published last week by Kaspersky Lab and Barclays found that 47 per cent of people have received bogus emails allegedly coming from a bank – and about 4 per cent of respondents admitted they had lost money to cyber criminals.

Peter Louies explained that Trojan attacks come in waves. “You will have several weeks where we don't have many and other weeks where there are multiple variants. Recently spear phishing attempts have diminished and now we have more Trojans.”

Louies said he had not verified the comments to his blog which alleged that the malware was using email addresses created exclusively for banking accounts.
