Alarm raised over new e-mail scam

HSBC and the Malta Bankers' Association this afternoon issued separate statements to warn against email financial scams.

HSBC warned against a scam called called ‘Whaling', with CEO Shaun Wallis saying it is so called because fraudsters are trying to get the biggest fish that they can hook.

"They target senior businessmen and people who are generally affluent and stand more to lose, both personally and professionally."

"Whilst we are not aware of these e-mails appearing in Malta, we feel we should let our customers know of this latest scam since Malta is not immune to phishing or whaling and we should all be aware of these rogue e-mails."

The bank explained that e-mail messages masquerade as an official subpoena requiring the recipient to appear before a federal grand jury (in the USA) or court. The e-mails correctly address CEOs and other high-ranking executives by their name and include their phone number and company name.

Recipients who click on a link that offers a more detailed copy of the subpoena are taken to a website that informs them they must install a browser add-on in order to read the document. Either clicking on the link or clicking ‘yes' to the browser, actually installs unauthorised software called ‘backdoor and key-logging software' that steals any information typed by the recipient on the computer, such as sensitive correspondence, and including log-in credentials used on websites by banks and other sensitive organisations.

"It is known that on a worldwide basis thousands of executives received the email and many of these ‘took the bait' particularly in the UK recently. I reiterate that we are not aware of these emails appearing in Malta but everyone should understand the potential consequences if they respond to these emails," concluded Mr Wallis. "We suggest you use anti-virus software, anti-spyware, personal firewalls and keep them updated."

The Malta Bankers' Association said it was warning bank customers, and in particular internet banking users, never to give out personal internet or telephone banking User Identification details, passwords or security token details. It is never any bank's policy or practice to contact customers and to ask them for such information.

"Fraudsters often send forged e-mails, purporting to be from banks, designed to fool recipients into giving such personal financial data. Under no circumstances should customers respond to such requests, which could lead to financial loss.

"Suspicious e-mails should be forwarded by customers to their bank for further investigation. Furthermore, it is recommended that customers make active use of e-mail filtering software which helps to identify fraudulent, malicious or hoax e-mails," the MBA said.