Emails containing bogus links to BBC news stories are being used to trick internet users into visiting malicious websites that install keylogger software to monitor their online financial activities.
According to the Beeb itself, an alert about the problem - reportedly limited to the Internet Explorer browser - has been issue by security firm Websense and comes less than a week after three other flaws were found in IE.
The Beeb quotes Microsoft as saying that it would produce patches for the vulnerabilities in its next security update due on 11 April - or earlier if the threat grows significantly.
In the interim, though, two firms are reported as having separately produced patches that close the so-called Zero-Day loophole now - eEye Digital Security and Determina.