Insecurity outfit Red Condor has been intercepting an email phishing campaign spreading faked Microsoft Outlook alerts.

The faked Outlook updates are fast becoming a popular way to implant banking Trojans are then used to access online accounts. The intended victim receives a personalised email message that appears to come from a techie using a return email address from the same domain as the target.

However the numbers which are being sent over the world wide wibble are making it look like the bad guys after playing a numbers game. The software is quite good at customises each message to improve the odds of fooling the recipient. Red Condor researcher Brien Voorhees said that the attack has hit thousands of Red Condor's customer domains. Red Condor has blocked well over a million of these messages, an indicator of a massive spam campaign, originating from a large botnet under control of the attackers.

This latest Outlook attack is similar to a phishing attack that took shape over the course of 2009. Earlier attacks used referencing UPS shipping documents, IRS notices, Vonage account updates, H1N1 alerts and Facebook account updates to get recipients to click on a tainted Web link.