Banking Scam, please read and check.
I am assured this information is correct and has come out to-day 25th Feb 2013, assuming the worst and that it is correct be extra vigilant with Internet banking with First Direct and any others, if the slightest bit in doubt or suspicious consult with the bank for advice.
I have just spent the last three hours investigating a very sophisticated virus/hack that seems to have targeted the first direct internet banking website.
This is a “man-in-the-middle” type attack that intercepts your credentials, sends them to a remote site where they are then used to extract funds from the account in questions. At all times the website displays the correct SSL certificate credentials, and is perfect in the look and feel of the site, even the web page is displayed correctly in the url bar. The only way to know that you are in the wrong site is at the point of entering the username and password it asks for your FULL password rather than specific characters.
We do not currently know if this is limited to First Direct banking websites or if any others are affected.
The very worst points of this hack is that none of our virus or malware scanners can detect it. I will repeat that statement, currently none of our virus or malware scanners can detect this virus, and that is using the most up to date DAT files there are, we are currently talking to McAfee to see if we can identify the origin and scan pattern. We have found evidence that this is an infection on the local PC and that it is collecting bank credential data only.
If you use internet banking then please be extra vigilant, satisfy yourself that the credential forms are the same as you normally see, if you are in any doubt do not use them, go to another PC and try it from there.