People are being warned about spam e-mails containing BBC News stories designed to trick them into visiting malicious websites.
Cyber criminals are using the messages to exploit a recently discovered flaw in Microsoft's Internet Explorer.
If users click on the link, they are taken to a fake website that installs a piece of software that can monitor online financial activity.
People who receive the e-mails are advised to not follow the link.
The alert, from security firm Websense, comes less than a week after security firms found three flaws in the popular browser.
Spoof sites
The new threat takes advantage of one of these vulnerabilities.
The fake e-mails entice readers with excerpts from current BBC news stories and include a link to "Read More".
When the user clicks on the link they are directed to a spoofed BBC news website that installs a piece of software known as a keylogger.
"The keylogger monitors activity on various financial websites and uploads captured information back to the attacker," said the Websense alert.
Other websites known to exploit the bug can install spyware and Trojan horses on unprotected computers.
Using global brands like the BBC to lure people to malicious websites is common practice according to Mark Murtagh, technical director of Websense.
"We saw a similar approach last year after Hurricane Katrina with e-mails sending requests for help purportedly from the Red Cross," he told the BBC News website. "We are also already seeing the World Cup brand being used in the same way".
Taking down sites
This is not the first time the BBC's name has been used by malicious hackers.
"We have had people creating spoof pages of our site before," said Steve Herrmann, editor of the BBC News website.
"But using them in this way to attack people's online security is particularly troubling to us and a cause for serious concern."
Security firms say hundreds of web links are trying to catch people out using the loophole.
On Microsoft's security blog, the company said it had been very active in working with the law enforcement to take down malicious websites.
Microsoft said it would produce patches for the vulnerabilities in its next security update due on 11 April.
However these could be released earlier if the threat grows significantly. For now, two firms, eEye Digital Security and Determina, have separately produced software patches that close this loophole.
