hoskib

iTrader: (1)

"B޷arc޼lays" <g4ua8quwip@yahoo.com> wrote:
D*rae‬ B*lcra‬ays Me*bm‬er,

T*ih‬s e*am‬il was s*tne‬ by the Barcl*sya‬ ser*ev‬r to v*ire‬fy y*ruo‬ ema*li‬ a*serdd‬s. You m*tsu‬ c*pmo‬lete th*si‬ p*secor‬s by c*kcil‬ing
on the l*kni‬ be*wol‬ and e*tn‬ering in the s*lam‬l wi*odn‬w yo*ru‬ B*cra‬lays Memb*sre‬hip nu*rebm‬, pas*edocs‬ and me*elbarom‬ w*ro‬d.
T*ih‬s is d*eno‬ for y*uo‬r p*noitcetor‬ - be*uac‬se so*em‬ of our m*me‬bers no l*no‬ger h*eva‬ a*ssecc‬ to th*rie‬ em*ia‬l a*erdd‬sses and
we mu*ts‬ ver*fi‬y it. To ve*yfir‬ y*uo‬r e*liam‬ a*serdd‬s and a*ecc‬ss yo*ru‬ ba*kn‬ a*occ‬unt , c*cil‬k on the l*kni‬ b*le‬ow:


http://www.barclays.com/?N9dFebDTagB...Bj6l9cJvdqpAPr

coz this is my reply

hi there,

please send me your address so i can write you a cheque for the entire balance of my account. (which i don't have with you by the way).

while i'm at it i'll pop my car keys in there for you aswell, might even be able to arrange a night of passion with the girlfiend.

thanks,

A Mug

what's the betting i get some sort of reply? lol

OllyK

I doubt it, it's a data harvesting scam that just collects your user name and password. Chances are the e-mail has either bounced or they now know your e-mail is valid and they are merrily circulating your address to all the other SPAMers and con artists they can find, NEVER reply to SPAM.

Chris L

If what Olly said wasn't true it would be funny. Please tell me you didn't send that reply?

OllyK

Depends if he copied the text or the actual href content. What you see on screen may have little bearing on where you are actually sent:

<a href="www.some_con_merchant.com">www.barclays.com</a>

You see www.barclays.com on the link, but that isn't where you get sent. Always check the content of the hrefs!!

You can do the same here to be honest - try the following link www.barclays.com

suprabeast

yeah but the link is actually real... it goes to the barclays site

OllyK

Yes, as I explained, what you see on screen is www.barclays.com, if you hi-light the link and choose "Copy" rather than "Copy Shortcut" you get the display text rather than the content of the href.

So it may be that what you see posted above, is the result of a copy (i.e. it looks genuine) rather than a copy shortcut (i.e. the scam site).

suprabeast

ooooooooooooooh now i see what you mean.... yes quite

jasey

I'm sure I read in the papers last that the latest "trick" is to install "click / keyboard monitoring" software on your machine then direct you to the actual bank website and "watch" what you type in !


Something like that anyway - don't reply or follow links anywhere !

OllyK

Spyware / Trojans - it isn't a new concept, "Back Oriface" was one of the more publicised ones. General rules of thumb:
1) Get a good virus checker
2) Keep it updated - daily or more
3) Get good SPAM filters on your e-mail
4) Be suspicious if you get mail from somebody you don't know
5) Be suspicious if you get mail from a company and you haven't just bought something or initiated the conversation.
6) Be really, really careful about attachements, never open directly from your mail client, save and virus check, if in doubt, e-mail the person back and confirm they did mean to send you something.
7) If you suspect a SPAM or con, don't reply, just delete it.
8) Be careful about links, check the href content (in outlook it appears in the status bar if you hover over the link, assuming they haven't masked it). Copy via Copy Shortcut and paste in to notepad to check if in doubt, paste in to a browser only if you are sure it is OK.
9) Have browser security set to high (or don't use MSIE), it's a pain to have to drop it for some sites, but better that than getting crap you don't want.
10) Be paranoid - they really are out to get you

OK, mostly grandma sucking eggs stuff, but it doesn't hurt to go over it again now and again!

jasey

11) Beware of people who can't speak properly and their spelling is suss (exception = registered users of ScoobyNet )

OllyK

Noooo - you have to be even more careful of them, right bunch of dodgy characters on SN

jasey

Clicky www.sendjaseyallyourcash.com/hecanbetrusted.htm

pslewis

Got the same just now:-

D*rae‬ Bar*syalc‬ M*rebme‬,

T*sih‬ e*iam‬l was s*tne‬ by the B*syalcra‬ s*re‬ver to v*fire‬y y*ruo‬ e*iam‬l add*ser‬s. You m*tsu‬ c*lpmo‬ete th*si‬ p*ecor‬ss by c*ikcil‬ng
on the li*kn‬ b*le‬ow and ent*re‬ing in the s*lam‬l wi*wodn‬ y*ruo‬ Ba*syalcr‬ M*hsrebme‬ip num*eb‬r, pa*ocss‬de and m*lbarome‬e word.
T*sih‬ is d*eno‬ for y*ruo‬ protec*noit‬ - b*ace‬use s*emo‬ of our m*ebme‬rs no l*regno‬ h*eva‬ ac*ec‬ss to t*rieh‬ e*liam‬ ad*rd‬esses and
we m*tsu‬ v*fire‬y it. To v*fire‬y yo*ru‬ em*lia‬ add*ser‬s and acc*se‬s y*ruo‬ ba*kn‬ a*nuocc‬t , c*cil‬k on the li*kn‬ b*ole‬w:

I'm NOT even a Barclays Member!!

Pete

boomer

There is some very interesting reading about spoofing URLs at http://www.pc-help.org/obscure.htm

The on-page links are (sadly) out of date, but the ways to construct misleading URLs are perfectly valid, thus http://www.barclays.com@www.pc-help.org/obscure.htm (or appropriate hexadecimal after the "@") can easily lead you astray (although Firefox does warn ya!)!!

mb

Chris L

OllyK's post about 'grandma sucking eggs' is worth repeating. Many attacks are very sophisiticated, but because of that, people let their guard down and the simple things get through. The recent attack on Sumitomo Bank was launched using simple key loggers - they tried to nick $400m! Their mistake was probably being too greedy

Incidently, bear in mind, that an estimated 75% - 80% of all Internet cafe PCs have some form of trojan key logger installed. Think twice, if you are on holiday etc about using these places.

boomer

Chris,

do you have a source for this? That's a pretty scarey statistic!!!

mb