Phishing season starts in UK

HSBC customers beware

Various people are wondering what to do now that their bank
has been acquired in the wake of the lending crisis. Well, whatever you do, do not
click on links you are receiving in e-mails supposedly sent by your bank.

A new phishing campaign, fraudulently using HSBC Bank visual
identity, requires user to follow a link allegedly directing to the financial
institution Web site and check their account details. However, the link redirects
the gullible users towards a HSBC fake Web site, which employs several PHP
scripts for pilfering the sensitive data.

HSBC Bank UK Phishing

To avoid becoming a victim of phishing raids, follow the
five common-sense tips below:

  • Make sure you always activate or turn on your antiphishing
    or phishing filter, as well as any other security applications or suites before
    browsing to your e-banking account. Ideally, you should install, activate and
    update a reliable security solution.
  • Make sure that the e-banking Web site uses SSL encryption
    (Secure Socket Layer) and security authentication methods – look for the
    “https” prefix and the locked padlock. If you are requested to accept a
    certificate for the session, check that the name on the certificate matches the
    name of the institution you wish to deal with and that the certificate is
    signed by a known Certificate Authority such as ThawteTM or VeriSign

About the author

Sabina DATCU

Sabina Datcu, PhD has background training in Applied Informatics and Statistics, Biology and Foreign Languages and Literatures. In 2003 she obtained a master degree in Systems Ecology and in 2009 a PhD degree in Applied Informatics and Statistics.
Since 2001, she was involved in University of Bucharest's FP 5 and FP6 European projects, as researcher in Information and Knowledge Management field.

In 2009, she joined the E-Threat Analysis and Communication Team at BitDefender as technology writer and researcher, and started to write a wide range of IT&C security-related content, from malware, spam and phishing alerts to technical whitepapers and press releases.