Beware of online requests for personal information

The Malta Bankers' Association has cautioned bank customers and internet banking users in particular never to give out personal internet or telephone banking user identification details, passwords or security token information.

"It is never any bank's policy or practice to contact customers and to ask them for such information. Fraudsters often send forged e-mails, purporting to be from banks, designed to fool recipients into giving such personal financial data. Under no circumstances should customers respond to such requests, which could lead to financial loss," the association said.

Suspicious e-mails should be forwarded by customers to their bank for further investigation.

HSBC Bank called on customers to beware of the latest internet e-mail scam called Whaling, which targets senior businessmen and people who are generally affluent and stand more to lose. Although the bank said it was not aware that such an e-mail appeared in Malta as yet, it cautioned that such messages masqueraded as an official subpoena requiring the recipient to appear before a federal grand jury (in the US) or court.

The e-mails correctly addressed high-ranking executives and asked them to click on a link that offered a more detailed copy of the subpoena. They are then taken to a website that informs them they must install a browser add-on in order to read the document.

Clicking on the link or clicking "yes" to the browser installs unauthorised software called "backdoor and key-logging software" that steals any information typed by the recipient on the computer, such as sensitive correspondence and including log-in credentials used on websites by banks and other sensitive organisations.

The use of e-mail filtering software, anti-virus software, anti-spyware and personal firewalls that are updated was recommended.