New Year Phishes?

As a customer of Barclays Bank in the UK, I do occasionally receive e-mails from them, so I wasn't that surprised, or unduly alarmed when I received the e-mail shown in the screenshot below:



A quick look at it had my Phish Sense tingling, can you see why?

However, as usual I decided to take a look at the URL in the e-mail in more detail, as it was pretty believable, this is what I found:



This could easily be the real Barclays Bank site, it is very well done and very believable. In fact all the links, bar one, on the web page actually do go to the real Barclays web site. So, what happens if you enter data in the page and click on the Next button, where do you go next?

The next page shown is:



You are then prompted for the rest of your personal login details for Barclays. However, once filled in and having clicked on the Login button, you will end up on the real Barclays site, so this Phish, because that is what it is, no matter how good or believable it appears, is actually carrying out a Man-In-The-Middle attack by harvesting your real login data for your Barclay's internet banking account.

Last night I also started to see a similar attack aimed at the Halifax, here's a screenshot of the e-mail:



And here is the website the link takes you to:



This one uses the same technique, although it appears that not only is the page harvesting your Halifax credentials it also goes on to pass them to the real Halifax site, and so, if the data you gave was genuine, it should have logged you in, and you probably would be none the wiser that you have become the latest victim of a phishing attack.

If you put in fake data in the fake Halifax login page (shown above), the real Halifax site will show you an error message.

If you use an e-mail client that doesn't show you the bracketed e-mail address, then it is not surprising that customers of these banks, using these e-mail clients, actually fall for these latest phishing scams with disasterous results ranging from transferred funds, new loans or mortgages taken out in their name,to their whole identity being stolen.

Did you notice that the links in the e-mail claim to be HTTPS [SSL encrypted link to the website], when in fact they end up on a standard HTTP link which is NOT encrypted, so all data you enter is in CLEAR TEXT.

Please note: Do NOT go to the sites shown as they are real live phishing sites. You have been warned! Stay safe...

Whatever you do, don't take this threat lightly, as TV presenter and motor-mouth Jeremy Clarkson did after dismissing the threat of identity theft; he foolishly published his bank details and clues to other personal details in his column in The Sun newspaper. More details on this can be found here.