Phishing message purports to be from Barclays Bank and Halifax unit of the National Bank of Scotland. Many of the phishing messages were distributed from hosts known to be part of the Storm botnet. The attack began as a message from Barclays, but the link to the fake Barclays site was shut down late on Monday and the same hosts began pumping out messages from Halifax on Tuesday. “This is a precursor that other banks may be targeted as well,” Trend Micro says. Both Fortinet and Trend Micro say they are adding phishing sites to their lists of domains that will be blocked.”]
Source: https://www.darkreading.com/analytics/storm-botnet-turned-toward-phishing-attacks