Permanent TSB customers are currently being targeted by a phishing scam that attempts to steal log-in information and passwords to the banking website.

If you happen to receive an email similar to the one below, do not respond or click on any links in the email.

Dear Esteem Customer

Due to multiple attempt error while trying to login in to your online Permanent TSB Online Account. We believed that someone other than you is trying to access your Account For security reasons, we have temporarily Flagged your account and your access to online banking will be restricted until this issue is solved.

Update your Permanent TSB Account now to enjoy the benefits of online banking and safer online banking experience.

Click here to proceed

Thanks for taking the time to learn about our upcoming plan for Enhance Online Security – it’s one more way that Permanent TSB online banking can makes your online banking experience better..

Irish Life & Permanent plc is a limited liability company registered in Dublin under No. 222332. The company’s registered office is: Irish Life Centre, Lower Abbey Street, Dublin 1.

Closer investigation of the email shows that the link actually points to a Brazillian website.

<a href="http://www.cspconsultoria.eng.br/logs/easyweb.php">

The email which we investigated comes from an insecure mail server run by an Australian company.

Received: from User (mail.blighcapital.com.au [59.167.233.41])

Mobile phone users have been receiving text messages that claim to be from AIB Bank

The text appears to come from sender: AIB

The message is as follows:

“Your AIB code card has been locked for security reasons due to recent fraud attempts. please visit http://www.aib-security.org to update your account”

If you receive a message like this do not visit the website as it is fraudulent and not operated by AIB Bank.

Although not confirmed, IT Security Consultant Alan O’Regan from Secured.ie reports that the fraudsters are using popular national websites like donedeal.ie to harvest Irish mobile numbers.

A new Trojan which has been reported to sniff out sensitive corporate data has recently emerged.

The Trojan.Spy.YEK registers itself as a system service through an encrypted dll and awaits instructions from a command and control type center. It then uploads the gathered information to an FTP server unknowns to the user. The software can run on all versions of Windows.

Many media organisations are reporting that this Trojan cannot be stopped, however a simple and effective security policy in place could easily thwart malicious software such as this. Most corporate users have no requirement to connect to FTP servers and a simple set of firewall rules disallowing this type of connection would be sufficient to stop this Trojan in it’s tracks.

Malicious software such as this takes advantage of poorly protected networks that do not have specific rules in place that block unnecessary traffic from computer systems.

Microsoft’s Internet Explorer browser is still vulnerable to a data leakage flaw that could have serious security implications.

Despite the vulnerability being reported to Microsoft back in December 2008 the exploit remains unfixed despite numerous articles and reports that have made the company aware of the problem.

Chris Evans, A Google security researcher said this minor flaw can have major consequences:

The bug is pretty simple: IE supports a window.onerror callback which fires whenever a Javascript parse or runtime error occurs. Trouble is, it fires even if www.evil-website.com registers its own window.onerror handler and then uses < script src=”http://www.onlinebanking.com/”>

As can be seen from Microsofts statement below they don’t seem to be too bothered about their users security:

“Microsoft is aware of the public posting of a low severity information disclosure issue in Internet Explorer. A successful attack requires a victim website to be configured in a specific way which is non-standard for most sites. We are not aware of any attacks seeking to exploit this issue and will update customers if that changes.”

Scottish man Matthew Anderson,  has pleaded guilty in court to creating viruses during an online hacking spree he carried out with a number of other people located in Finland.

The E-Crime arm of the British police found that the 33 year old from Aberdeenshire carried out the operation by composing emails with attached Trojan horse software and distributed them in a spam like fashion. If a user opened the emails they unwittingly enabled the group who had called themselves m00p complete access to their PC’s. The gang were reported to have targeted hundreds of UK businesses between 2005 and 2006. and had also infected tens of thousands of computers around the world.

“This organised online criminal network infected huge numbers of computers around the world, especially targeting UK businesses and individuals,” said detective constable Bob Burls, from the Police Central e-Crime Unit. “Matthew Anderson methodically exploited computer users not only for his own financial gain but also violating their privacy.”

It is believed that Anderson also activated users webcams to spy on them from time to time.

Firesheep, A new Firefox plugin created by Eirc Butler that enables users to hack into the likes of Facebook and Twitter accounts when used on a public WiFi network. The plugin has already been downloaded over 110,000 times. The plugin takes advantage of the fact that cookies from these websites are sent over the network in plain text and not encrypted. By simply grabbing the cookie it enables the hacker to login to the account of the unsuspecting user.

This plugin enables the average Joe with no hacking skills or capabilities to gain access to your social network account.

There are a number of ways to circumvent such an attack, for corporate users through VPN’s or SSH tunneling but for the every day user HTTPS Everywhere is an option.

By enabling the average user to simply download and install this exploit it may force Facebook & Twitter to enhance the security of their platforms.

Instructions on how to install the plugin if your using Windows:

Simply go to the following address:

http://github.com/codebutler/firesheep

• Click on downloads
• Download the firesheep-0.1-1.xpi file
• Go to tools and Add-ons in Firefox
• Drag the firesheep-0.1-1.xp file into the box.
• Couldn’t be easier!