Panda Software Warns of Fraudulent Bank E-Mails

MADRID, January 14 2004 Over the last few days, many users have been receiving e-mails telling them that, due to technical or other problems, they need to access a web page to validate their bank details.

One of the most widespread examples of these is one aimed at CITIBANK clients and arrives in an email with the subject “Important Fraud Alert from Citibank”. The message itself says that due to a series of operations aimed at detecting illegal banking activity, users need to check if their data is correct by going to a certain website.

All these e-mails are false, and are aimed at tricking users into divulging confidential data such as account numbers, user names, passwords or other secret codes and numbers.

To do this, generally the messages have been carefully constructed in HTML to perfectly resemble genuine messages sent by the online banking service and deceive users.

These mails have been cunningly designed to exploit the URLSpoof vulnerability -as yet uncorrected- in Microsoft Internet Explorer. This flaw makes it possible to trick a user into thinking that the web page they are accessing -from a link on the e-mail- is that of a bank, when really the web page is a replica of the original, hosted elsewhere.

In this way, if the user enters the data they are asked to, this will fall straight into the hands of the malicious user that has created the e-mail and web page.

For this reason, Panda Software recommends that all users treat with extreme caution e-mails from banks requesting information, as it is highly likely that it is part of an attempted fraud. In any event, before revealing any confidential information, users should confirm authenticity of the message by contacting the bank in question.

Given the large amount of fraudulent e-mails in circulation, Panda Software has released updates of its products to detect and neutralize any attempt to exploit the Internet Explorer vulnerability mentioned above. These can be downloaded from .

For more information about the URLSpoof
vulnerability, go to the Panda Software Virus Encyclopedia.

About PandaLabs

On receiving a possibly infected file, Panda Software’s technical staff get straight down to work. The file is analyzed and depending on the type, the action taken may include: disassembly, macro scanning, code analysis etc. If the file does in fact contain a new virus, the disinfection and detection routines are prepared and quickly distributed to users.