I don't even bank at Barclays!
#1
Scooby Regular
Thread Starter
I don't even bank at Barclays!
Dear Sir/Madam,
Barclays is proud to announce their new iBank upgrade.
We have updated our new iBank SSL secure servers to give our
customers a better, faster and more secure online banking
services for the year 2006.
Due to the recent update of the servers, you are requested to
update your account using the following link:
http://ibank.barclays.co.uk..............LoginMember.do
J.S. Smith
Security Advisor
Barclays Bank PLC.
Barclays is proud to announce their new iBank upgrade.
We have updated our new iBank SSL secure servers to give our
customers a better, faster and more secure online banking
services for the year 2006.
Due to the recent update of the servers, you are requested to
update your account using the following link:
http://ibank.barclays.co.uk..............LoginMember.do
J.S. Smith
Security Advisor
Barclays Bank PLC.
#7
Scooby Regular
Join Date: Feb 2004
Location: Texas - It's BIG!
Posts: 2,105
Likes: 0
Received 0 Likes
on
0 Posts
Well, it's actually written in plausible English!
I've been getting them from Chase Manhattan, usually the author has the same grasp on the English language as a three year old! A poorly educated three year old at that!
I've been getting them from Chase Manhattan, usually the author has the same grasp on the English language as a three year old! A poorly educated three year old at that!
Trending Topics
#8
Originally Posted by Scudy23
If it was emailed m8 i wouldnt even bother with it..... so many tw@ts on the net trying to rip you off
#9
Scooby Regular
Thread Starter
Originally Posted by fast bloke
Haven't read the link but sounds like more new labia stuff?..... people trying to rip you off?
Pete
#10
Scooby Regular
Join Date: Sep 2005
Location: Hunting for my next Impreza!
Posts: 2,388
Likes: 0
Received 0 Likes
on
0 Posts
Originally Posted by pslewis
Dear Sir/Madam,
Barclays is proud to announce their new iBank upgrade.
We have updated our new iBank SSL secure servers to give our
customers a better, faster and more secure online banking
services for the year 2006.
Due to the recent update of the servers, you are requested to
update your account using the following link:
http://ibank.barclays.co.uk..............LoginMember.do
J.S. Smith
Security Advisor
Barclays Bank PLC.
Barclays is proud to announce their new iBank upgrade.
We have updated our new iBank SSL secure servers to give our
customers a better, faster and more secure online banking
services for the year 2006.
Due to the recent update of the servers, you are requested to
update your account using the following link:
http://ibank.barclays.co.uk..............LoginMember.do
J.S. Smith
Security Advisor
Barclays Bank PLC.
#11
Scooby Regular
Join Date: Jun 2003
Location: use the Marauder's Map to find out.
Posts: 2,041
Likes: 0
Received 0 Likes
on
0 Posts
Your Alzheimers is kicking in again,Pete.. You were reminded a couple of days ago just how unsuccessful your hero Tony and his cronies are.
#12
Not sure if this is a double bluff by PSL but the link IS a genuine Barclays link.
If you actually go into the link without the ....... it takes you to the main site.
Am I missing an "in joke" here?
Now if it has been sent to a non-BArclays customer then agreed that is a security issue.
NB did I mention that I work for Barclays Compliance Dept?
Would be very interested in exact email address of sender of message to PSL and full web link given without the .......
PSL, please pm if you wish. (Unless you were just trolling and I've bitten cos it is early in the morning). I can soon find out who J S Smith is but I doubt very much he is Nigerian.
If you actually go into the link without the ....... it takes you to the main site.
Am I missing an "in joke" here?
Now if it has been sent to a non-BArclays customer then agreed that is a security issue.
NB did I mention that I work for Barclays Compliance Dept?
Would be very interested in exact email address of sender of message to PSL and full web link given without the .......
PSL, please pm if you wish. (Unless you were just trolling and I've bitten cos it is early in the morning). I can soon find out who J S Smith is but I doubt very much he is Nigerian.
#13
Scooby Regular
Join Date: May 2000
Location: MY00,MY01,RX-8, Alfa 147 & Focus ST :-)
Posts: 10,371
Likes: 0
Received 0 Likes
on
0 Posts
It's not genuine - they could have easily ripped the graphics and layout from the official site.
The give away is in the URL posted up. The message says they are using SSL (which is a form of secure encrypted connection), yet the URL starts 'http', when it should be 'https' ('s' as in 'secure'). Goto the official Barclays site and click 'logon' for their online banking service and you'll see what I mean.
Chris
The give away is in the URL posted up. The message says they are using SSL (which is a form of secure encrypted connection), yet the URL starts 'http', when it should be 'https' ('s' as in 'secure'). Goto the official Barclays site and click 'logon' for their online banking service and you'll see what I mean.
Chris
#16
Scooby Regular
Join Date: May 2000
Location: MY00,MY01,RX-8, Alfa 147 & Focus ST :-)
Posts: 10,371
Likes: 0
Received 0 Likes
on
0 Posts
Originally Posted by Peanuts
must be pretty good then to catch out a Barclays employee!
#17
Scooby Regular
Originally Posted by Chris L
Never let anyone tell you that IT security is a technical issue - it isn't - it's a people issue
asking me questions about things he shouldn't have been asking, gave a false
name and number when I asked to call him back, quite amusing
#18
Scooby Regular
Join Date: May 2000
Location: MY00,MY01,RX-8, Alfa 147 & Focus ST :-)
Posts: 10,371
Likes: 0
Received 0 Likes
on
0 Posts
Originally Posted by stevencotton
Too right, I've even been the 'mark' of a social engineer calling me up and
asking me questions about things he shouldn't have been asking, gave a false
name and number when I asked to call him back, quite amusing
asking me questions about things he shouldn't have been asking, gave a false
name and number when I asked to call him back, quite amusing
#19
Chris L and others
Interesting
When I cut and pasted the original link as shown on PSL's post it obviously doesn't open due to the ........
When I edited it back to just the http://ibank.barclays.co.uk and then hit enter again it then takes me to the httpS site of "Barclays". It then defaults to the Barclays site login at https://ibank.barclays.co.uk/olb/q/LoginMember.do
which appears to be the same as what PSL posted apart from it shows as https rather than http.
Now I'm confused?
Could be because:
It was early in the morning and was not fully awake or
I had the "real" Barclays sites already open on other windows on my PC, or
I'm a stupid **** who knows nothing about websites and hence I worked in Compliance and not IT
HOWEVER, if you follow the link above and click on the "online security" it opens another window. This window is "only" http but includes examples of scam emails including ones coming from J S Smith Security Advisor.
I would be very interested if the IT experts on here could explain to a non IT muppet like me how this appears to fluctuate between obviously fake sites and sites that appear, with the https prefix, to be genuine?
Why would a scammer include an example of his own scam emails???
Part of the problem is that Barclays recently changed the whole appearance of their online banking but didn't think to tell any of their customers. Consequently, they were flooded with calls asking if the new version was genuine as nobody recognised it and many people were suspicious. Barclays got fed up of telling everyone that the site had been changed and it was all OK. Obviously, some enterprising IT geek/nigerian/scammer probably realised that this was a great opportunity to take advantage of Barclays dreadful IT change management?
For a lay man, what is best way to interrogate a web site to test its validity?
The https is obvious but as noted above, this one defaulted to that prefix.
Interesting
When I cut and pasted the original link as shown on PSL's post it obviously doesn't open due to the ........
When I edited it back to just the http://ibank.barclays.co.uk and then hit enter again it then takes me to the httpS site of "Barclays". It then defaults to the Barclays site login at https://ibank.barclays.co.uk/olb/q/LoginMember.do
which appears to be the same as what PSL posted apart from it shows as https rather than http.
Now I'm confused?
Could be because:
It was early in the morning and was not fully awake or
I had the "real" Barclays sites already open on other windows on my PC, or
I'm a stupid **** who knows nothing about websites and hence I worked in Compliance and not IT
HOWEVER, if you follow the link above and click on the "online security" it opens another window. This window is "only" http but includes examples of scam emails including ones coming from J S Smith Security Advisor.
I would be very interested if the IT experts on here could explain to a non IT muppet like me how this appears to fluctuate between obviously fake sites and sites that appear, with the https prefix, to be genuine?
Why would a scammer include an example of his own scam emails???
Part of the problem is that Barclays recently changed the whole appearance of their online banking but didn't think to tell any of their customers. Consequently, they were flooded with calls asking if the new version was genuine as nobody recognised it and many people were suspicious. Barclays got fed up of telling everyone that the site had been changed and it was all OK. Obviously, some enterprising IT geek/nigerian/scammer probably realised that this was a great opportunity to take advantage of Barclays dreadful IT change management?
For a lay man, what is best way to interrogate a web site to test its validity?
The https is obvious but as noted above, this one defaulted to that prefix.
#20
Scooby Regular
Join Date: May 2000
Location: MY00,MY01,RX-8, Alfa 147 & Focus ST :-)
Posts: 10,371
Likes: 0
Received 0 Likes
on
0 Posts
I would have to have a look through to be sure - from what you've said. Simple rule of thumb is that no financial organisation will ever send you an email request to input or change both your username and password in this way. Treat EVERY email you receive like this as dodgy and delete them.
#21
Scooby Regular
Join Date: Apr 2000
Location: West Byfleet, Surrey
Posts: 1,653
Likes: 0
Received 0 Likes
on
0 Posts
Originally Posted by 2000TLondon
Well, it's actually written in plausible English!
I've been getting them from Chase Manhattan, usually the author has the same grasp on the English language as a three year old! A poorly educated three year old at that!
I've been getting them from Chase Manhattan, usually the author has the same grasp on the English language as a three year old! A poorly educated three year old at that!
#22
Scooby Regular
Join Date: Oct 2001
Location: X5 and MCS JCW country....London :)
Posts: 2,223
Likes: 0
Received 0 Likes
on
0 Posts
It is quite easy for the address in the address bar to be fake and you are actually taken to an alternative site that has no connection with the address in the address bar. Even if it says www.barclays.com you are probably going to www.givemeallyourmoney.com Never goto a financial website from a link ALWAYS type it in.
#23
Scooby Regular
iTrader: (1)
Join Date: Jan 1999
Location: UK
Posts: 15,271
Likes: 0
Received 0 Likes
on
0 Posts
I have had dodgy emails that have links that 'look' right and if you cut and paste them take you to the original and genuine site. However the 'hyperlink' in the actual email takes you to the dodgy site.
It could well be that PSL cut and paste and so it is taking you to the genuine site. I had exactly the same thing when I pasted an PayPal dodgy mail on here - when people went to look it went to the PayPal site. In the email it did not
Always type the link in yourself - the PayPal clone was perfect - except it wanted just too much information.
I love to fill in details including addresses of DisneyWorld and InYourDreams as well as well chosen Celtic and Saxon words!
It could well be that PSL cut and paste and so it is taking you to the genuine site. I had exactly the same thing when I pasted an PayPal dodgy mail on here - when people went to look it went to the PayPal site. In the email it did not
Always type the link in yourself - the PayPal clone was perfect - except it wanted just too much information.
I love to fill in details including addresses of DisneyWorld and InYourDreams as well as well chosen Celtic and Saxon words!
#24
Scooby Regular
Thread Starter
Originally Posted by Rannoch
I have had dodgy emails that have links that 'look' right and if you cut and paste them take you to the original and genuine site. However the 'hyperlink' in the actual email takes you to the dodgy site.
It could well be that PSL cut and paste and so it is taking you to the genuine site. I had exactly the same thing when I pasted an PayPal dodgy mail on here - when people went to look it went to the PayPal site. In the email it did not
Always type the link in yourself - the PayPal clone was perfect - except it wanted just too much information.
I love to fill in details including addresses of DisneyWorld and InYourDreams as well as well chosen Celtic and Saxon words!
It could well be that PSL cut and paste and so it is taking you to the genuine site. I had exactly the same thing when I pasted an PayPal dodgy mail on here - when people went to look it went to the PayPal site. In the email it did not
Always type the link in yourself - the PayPal clone was perfect - except it wanted just too much information.
I love to fill in details including addresses of DisneyWorld and InYourDreams as well as well chosen Celtic and Saxon words!
But I certainly did not alter the URL other than deleting a central section.
Pete
#25
Originally Posted by pslewis
if anyone on here is like me, you will have numerous windows open
#27
Originally Posted by ChrisB
That's rife for a cross site scripting attack then.
As I said I did have several other windows open including genuine Barclays online ones.
Thanks for sensible reply PSL.
Thread
Thread Starter
Forum
Replies
Last Post