The National Hi-Tech Crime Unit and UK payments association Apacs are alerting consumers to a new Trojan e-mail attack targeting online banking customers.
The spam e-mails contain details of a fictitious order for Web hosting or computer goods and credit card billing information.
The e-mail also contains a link to a Web address in order to view the order in more detail. The site, which appears to be under construction, exploits vulnerabilities in unpatched versions of Internet Explorer to download malicious software to user computers.
The next time the customer uses their computer to access their own online banking site, the Trojan can potentially record their secret passwords and PINs used to log-on. In addition, the code opens a backdoor for the attacker to assume remote control of the end-user machine.
Detective chief superintendent Len Hynds, head of the NHTCU comments: "The NHTCU is continuing to work hard to bring the perpetrators of these elaborate scams to justice. The criminals behind these attacks are constantly evolving their techniques and changing tactics to target a wider range of victims."