News 

Duncan Mills, Product Manager at BlackSpider told us that while the phish itself is nothing unusual, 'the difference is the sheer number of addresses participating in the attack'.

Some 20,000 separate IP addresses began sending out phishing mails on Sunday urging recipients to update their credentials online as part of a NatWest or Bank of Scotland security drive in a co-ordinated attack.

If recipients followed links in the phishing mails they were directed to a phishing site that asked them for banking and personal information, which was then collected, presumably for nefarious purposes. However, Mills said that BlackSpider was not monitoring where that information was subsequently being sent.

BlackSpider

ADVERTISEMENT

estimates some 8.1m emails were heading for inboxes across the UK in the 48 hours or so that the campaign lasted. Mills described current activity for the phish as 'pretty much dead' but said he had not seen a bigger campaign targeting the UK.

He said BlackSpider protects around 600,000 of the 15m UK corporate inboxes. But BlackSpider aside, there seems little noise from the security industry over the event.

Messagelabs said it had seen the attack and stopped it, but was otherwise unimpressed.

'Phishing attacks of this size are a frequent occurrence. We saw the number of phishing attacks as a proportion of all email-borne threats increase by 2 per cent in July, now accounting for 21 per cent of all malicious emails intercepted by MessageLabs,' said Paul Wood, senior analyst at MessageLabs.

Sophos's Senior Technology Consultant Graham Cluley said his company's lab hadn't received reports of the campaign, although he noted that this doesn't undermine the veracity of BlackSpider's claims.

Mills also said it was 'odd' and suggested it might be that BlackSpider 'happened to have tuned our engines in a manner that catches this particular attack'.