PDA

View Full Version : Barcalys online


Ramrod
11-08-2004, 23:38
I just got this e-mail: Dear Valued Customer,


- Our new security system will help you to avoid
frequently fraud transactions and to keep your
investments in safety.


- Due to technical update we recommend you to
reactivate your account.


Click on the link below to login and begin using
your updated Barcalys account.

To log into your account, please visit the online banking
http://barcalys.co.uk

If you have questions about your online statement,
please send us a Bank Mail or call us at 1-800-374-9700

We appreciate your business. It's truly our
pleasure to serve you.

Barcalys Customer Care

This email is for notification only. To contact us,
please log into your account and send a Bank Mail. :D


edit--and the link doesn't even work :disturbd: :rofl:

iron25
12-08-2004, 00:38
I'd like to know how many users get fooled by these emails.

Frank
12-08-2004, 00:56
Interesting Barclays can now be reached on a North America phone number while still being a British bank...

iron25
12-08-2004, 01:10
It might have fooled more people if they could at least spell Barclays correctly too.

Frank
12-08-2004, 01:15
Well true, but they had to spell it like that because of the domain name. They couldn't sent to barclays.co.uk, could they? :D

greencreeper
12-08-2004, 03:30
http://blogs.nthellworld.co.uk/dwarfinleopardskin/archives/000735.html

It was a good fake. Interestingly, Abbey don't seem to protect any of their images or Javascript from being used by other sites.

Jason1
12-08-2004, 11:20
had them for both Barclays & Abbey notice the phone numbers the same so the same person/s are trying to scam a few uk bank customers

poolking
12-08-2004, 11:24
Interesting Barclays can now be reached on a North America phone number while still being a British bank...
Just shows how stupid the scammers are. :D

Jason1
12-08-2004, 11:25
I had them from fraudsters pretending to be both barclays & abbey notice the phone numbers are same so the same person/s are trying to scam a few uk banks

(had to change to word doc to upload)

Tricky
12-08-2004, 11:30
One of the more basic attempts, I saw one attempt from the Halifax that could have almost anyone fooled. I used their live site as a feed and loaded this in the background whilst having a window on top asking for all the security details which obviously when posted would be sent anywhere but the halifax. It was easy to see how people could get fooled especially as this window would not close down without information being entered

gary_580
12-08-2004, 12:22
Just shows how stupid the scammers are. :D

Theyre not stupid, they are just taking the least effort approach. It may fool less people but with zero effort it doesnt really matter to them.

Ramrod
18-08-2004, 00:05
They are trying on againm HSBC this time :dozey: Dear Valued Customer,


- Our new security system will help you to avoid
frequently fraud transactions and to keep your
investments in safety.


- Due to technical update we recommend you to
reactivate your account.


Click on the link below to login and begin using
your updated HSBC account.

To log into your account, please visit the online banking
http://hsbc.co.uk/

If you have questions about your online statement,
please send us a Bank Mail or call us at 1-800-374-9700

We appreciate your business. It's truly our
pleasure to serve you.

HSBC Customer Care

This email is for notification only. To contact us,
please log into your account and send a Bank Mail. Strangely the link seems to lead to the real hsbc site :confused:

Frank
18-08-2004, 06:07
Strangely the link seems to lead to the real hsbc site :confused: ROFL, would you like to take that back gary? :D

greencreeper
18-08-2004, 06:14
Maybe Ramrod could post the HTML code behind the email? Cut and paste the email as you see it and you won't capture the dodgy URL behind the seemingly real URL. Like this: http://www.hsbc.co.uk (http://www.google.com) Always assuming there is a dodgy URL - usually there is otherwise the email is pointless :)

Ramrod
18-08-2004, 09:47
ROFL, would you like to take that back gary? :DWell....no..........read the e-mail again, the wording is very poor and exactly the same as the original e-mail I posted for Barcalays bank.Maybe Ramrod could post the HTML code behind the email? How do I do that? :dunce:

Ramrod
18-08-2004, 11:02
Is this what you mean?
Return-Path: <customersupport@hsbc.co.uk>
Received: from compuserve.com ([211.178.77.173]) by mta09-svc.ntlworld.com
(InterMail vM.4.01.03.37 201-229-121-137-20020806) with SMTP
id <20040817203644.WTOP380.mta09-svc.ntlworld.com@compuserve.com>
for <****.*******@ntlworld.com>; Tue, 17 Aug 2004 21:36:44 +0100
Date: Tue, 17 Aug 2004 20:33:02 +0000
From: Customersupport <customersupport@hsbc.co.uk>
Subject: HSBC Security Update
To: **** ******* <****.*******@ntlworld.com>
References: <1G1I1J3GA63JKJBF@ntlworld.com>
In-Reply-To: <1G1I1J3GA63JKJBF@ntlworld.com>
Message-ID: <C214IEBHBD6L5LG4@hsbc.co.uk>
Reply-To: Customersupport <customersupport@hsbc.co.uk>
Sender: Customersupport <customersupport@hsbc.co.uk>
MIME-Version: 1.0
Content-Type: text/html; charset=Windows-1251
Content-Transfer-Encoding: 8bit

Stuart
18-08-2004, 11:16
Just shows how stupid the scammers are. :D
Yeah, but they only need the scam to catch one person and they could make a lot of money.

Stuart
18-08-2004, 11:25
Perhaps a little reminder to all Cable Forum members is in order here.

I know that none of us will be fooled by any of these scams, but it is worth remembering that any company with security worth a damn will never ask you to validate your User ID and password or pin by email. In my experience, with most e-banking systems, if you need to do anything to the security of the account, you need to contact the bank IN PERSON or on the phone.

It's also worth pointing out that any halfway decent email client will show the actual address of a link in the email in the status bar (Thunderbird does). Not sure if either Outlook or Outlook express do this.

Ramrod
18-08-2004, 11:33
I'm still confused as to why the latest one I received links to what appears to be the real HSBC site :confused:

Stuart
18-08-2004, 11:41
I'm still confused as to why the latest one I received links to what appears to be the real HSBC site :confused:
Well, as poolking said, scammers can be stupid..

SMHarman
18-08-2004, 11:48
<snip>
It's also worth pointing out that any halfway decent email client will show the actual address of a link in the email in the status bar (Thunderbird does). Not sure if either Outlook or Outlook express do this.
Outlook Express is pretty good for this, Outlook pretty much strips the headers from the mail, though you can see the name and email address on the reply.

Ramrod
18-08-2004, 12:19
Well, as poolking said, scammers can be stupid.. More like retarded:disturbd:

Stuart
18-08-2004, 13:02
Outlook Express is pretty good for this, Outlook pretty much strips the headers from the mail, though you can see the name and email address on the reply.
Actually, I meant links within the text..

Kliro
18-08-2004, 16:50
I got an email like this from 'paypal' looked fairly real, but said unless I verified my account details my account would be deleted, I guess a lot of people could be fooled by this, I had nothing better to do so filled in the form with such things as 'we are coming to get you' 'you are sc*m' etc, and it logged me in so was obviously a scam, but as I said I don't know if I would have filled it in if I werent aware of suck scams...

greencreeper
18-08-2004, 22:22
Is this what you mean?


Those are the headers. You know how in, say, IE you can view the code behind a web page - all the HTML? Well you should be able to do the same for an HTML email. My email client is The Bat! and I just press F9. I have 96 spam emails today and not one of them is banking email, so I can't post any code myself :( Usually a URL is used as a link, but when you click the link you're taken to a different site. Very easy to do:

https://www.hornyteens.com (http://www.ntlworld.com)
<a href="http://www.ntlworld.com">https://www.hornyteens.com</a>

There are other tricks, such as using image maps.



I know that none of us will be fooled by any of these scams, but it is worth remembering that any company with security worth a damn will never ask you to validate your User ID and password or pin by email. In my experience, with most e-banking systems, if you need to do anything to the security of the account, you need to contact the bank IN PERSON or on the phone.


Also look for the lock symbol that indicates SSL - the Abbey email I received was perfect because it used the bank's CSS, images and Javascript (so much for security). The only give-away was the lack of SSL when I clicked to logon to e-banking.


It's also worth pointing out that any halfway decent email client will show the actual address of a link in the email in the status bar (Thunderbird does). Not sure if either Outlook or Outlook express do this.


Status bar text can be altered using a simple bit of Javascript :)

Ramrod
24-08-2004, 11:15
Just got another one, for Lloyds TSB this time:
Dear Valued Customer,


- Our new security system will help you to avoid
frequently fraud transactions and to keep your
investments in safety.


- Due to technical update we recommend you to
reactivate your account.


Click on the link below to login and begin using
your updated Lloyds Tsb account.

To log into your account, please visit the online banking
http://www.lloydstsb.com

If you have questions about your online statement,
please send us a Bank Mail or call us at 1-800-374-9700

We appreciate your business. It's truly our
pleasure to serve you.

Lloyds Tsb Customer Care

This email is for notification only. To contact us,
please log into your account and send a Bank Mail.

edit--
Hats off to Lloyds for responding very quickly: http://www.lloydstsb.com/security.aspfraudulent email alert from 23rd August 2004

We are aware that another fraudulent email alleging to be from Lloyds TSB is in circulation from today. This email contains a link that when accessed displays a screen asking customers to enter their Internet banking User ID, Password and Memorable Information, telephone banking Memorable Information and Password or security numbers in full.


These are not genuine emails. Lloyds TSB never send emails asking for this information to be recorded in this way. If you receive such an email, please do not access any links contained within it or provide any Internet banking log on details. If you are concerned that you have received this email and may have divulged your details or suspect that the security of any of your Lloyds TSB accounts has been compromised contact us immediately on 0845 3000 116 (+44 20 7649 9437 from overseas).

chopsmcp
24-08-2004, 16:39
Just got another one, for Lloyds TSB this time:


edit--
Hats off to Lloyds for responding very quickly: http://www.lloydstsb.com/security.asp

Yep - I got this one, and the actual phish site (lloyds-validate.info) was already dead. As opposed to previous variants (obviously from the same outfit), which were still up in American webspace up to 24 hours after larts had been dispatched.

Where I'd fault lloyds, though, is in not making it easier to report the things. No obvious links on the site, had to go through a web-based form.