Barclays is the latest victim of a vulnerability in Internet Explorer (IE) that allows attackers to make spoof web sites and steal personal information.

Microsoft had been expected to release a patch for the so-called 'phishing' flaw on Tuesday, but it failed to materialise in the software giant's monthly security bulletin.

NatWest, Lloyds TSB, eBay, Visa, Citibank and Amazon have also been affected by the problem.

Malicous attackers can copy web sites by adding specific digits to a web address, allowing them to run a copied site over their own servers that looks identical to the genuine one.

The perpetrators typically send an email to customers asking them to log on to the site for a security update. Some 20 per cent of people who receive these emails respond to them, according to web site www.anti-phishing.org.

'This is a problem that we are going to see more and more,' said Dinis Cruz, chief technology officer at security specialist CISSP.

'Tuesday's edition of Microsoft's monthly bundle of security advisories features an omission that should keep online fraudsters happy: over one month after it's discovery, there is no official patch available for a bug in Internet Explorer that lets swindlers pass off counterfeit web sites as the real thing,' Cruz said.

Microsoft says it will not release a patch until it has been rigorously tested.

'Microsoft is actively investigating reports of the vulnerability affecting IE. This action may include releasing a software patch for the issue, but only after said patch is thoroughly tested and proven to be effective and safe for customers,' said a Microsoft spokesman.