Barclays UK customers targeted by new scam
4 the fake URLs spread via a new spam campaign targeting customers of the UK bank.
The bogus Barclays e-mails fool customers into believing access to their account has been limited or suspended because of continued login errors. The emails assert 'To reactive your account, please download the document attached to this email to review your account activity. If not completed we will be forced to close your account.'
The site domains displayed in these phishing emails, including "http://barclays.co.uk.fam-tours.ru.", cleverly trick users into believing they have landed on the legitimate barclays.co.uk bank domain. The domain actually being visited is fam-tours.ru; "barclays.co.uk" is only a run of subdomain labels placed in front of it. These long URLs can easily fool mobile users too, because the entire address cannot be seen on certain smaller phone screens. After clicking on the links embedded in the message or opening the attached HTML document, clients are taken to a spoof website where their financial and personal details are captured by cyber-criminals.
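The subdomain trick described above can be caught by comparing the registrable domain of a link instead of its leading labels. The Python sketch below is an added example, not part of the original article; the small public-suffix set and the trusted-domain list are constructed assumptions, and a real filter would load the full Public Suffix List.

```python
from urllib.parse import urlsplit

# Constructed, minimal subset of the Public Suffix List (assumption for this example).
PUBLIC_SUFFIXES = {"uk", "co.uk", "ru", "com"}
# Assumption: registrable domains the defender treats as the genuine brand.
TRUSTED = {"barclays.co.uk"}


def hostname(url):
    """Return the lower-cased host of a URL without the trailing root dot."""
    host = urlsplit(url).hostname or ""
    return host.rstrip(".").lower()


def registrable_domain(host):
    """Return the public suffix plus one label, e.g. 'fam-tours.ru'."""
    labels = host.split(".")
    # Walk from the longest candidate suffix to the shortest.
    for i in range(len(labels)):
        if ".".join(labels[i:]) in PUBLIC_SUFFIXES:
            return ".".join(labels[max(i - 1, 0):])
    # Unknown suffix: fall back to the last two labels.
    return ".".join(labels[-2:])


def classify(url):
    """Label a link as 'trusted', 'lookalike-subdomain' or 'unrelated'."""
    host = hostname(url)
    if registrable_domain(host) in TRUSTED:
        return "trusted"
    # A trusted name appearing as whole labels inside a foreign host
    # is the pattern used in the campaign described above.
    padded = "." + host + "."
    if any("." + name + "." in padded for name in TRUSTED):
        return "lookalike-subdomain"
    return "unrelated"


if __name__ == "__main__":
    samples = [
        "http://barclays.co.uk.fam-tours.ru.",   # URL quoted in the article
        "https://www.barclays.co.uk/login",      # constructed sample
        "https://example.com/",                  # constructed sample
    ]
    for url in samples:
        host = hostname(url)
        print(f"{url} -> {registrable_domain(host)} ({classify(url)})")
```

A mail gateway or proxy can apply the same comparison to every link in a message body and to the form targets inside attached HTML files.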
Some phishing websites spreading in this campaign contained malware, making Barclays customers even more vulnerable to the cyber-attack. Fortunately, the fake pages have been quickly removed from the internet. Users who keep their antivirus updated are protected in several ways. Firstly, the e-mails are blocked by antispam engines; secondly, if they are accidentally opened, the anti-phishing or anti-malware alert will pop up.
Like many other financial companies, Barclays has warned clients it will never contact them by e-mail in this way to announce their account has been 'suspended'. In May this year, Barclays Wealth & Investment Management started testing a biometrics solution to authenticate customers by checking their voices against pre-recorded voice patterns.
"Phishing e-mails represent 2.5 percent of all spam messages sent worldwide, and in the UK percentages are higher as phishers seem to prefer Brits," states Catalin Cosoi, Chief Security Strategist at Bitdefender. "It isn't only Barclays customers who are targeted by cyber-criminals. PayPal, eBay, Twitter and Wells Fargo are some of the most popular companies whose reputation crooks love to exploit."