So I had intended to write this back in February when I first noticed the situation, but other things got in the way and delayed this post. Its return to the front pages has now prompted me to finish the article, so without further ado, let's talk about that email you may have received that the bank never sent.
In other words, let's talk about phishing emails under the pretext of a bank's email.
First a bit of scene setting: back in February the sad news that Barclays was cutting jobs was on the BBC and other news stations. Notably, the BBC's business editor Robert Preston had an interview with Barclays chief exec Antony Jenkins, which you can see below and in this article on the BBC site.
So what does this mean?
Well, it means that you are aware some unpleasant things were going on at Barclays, so any information sent your way (especially for those who were customers) met you in a frame of mind that this is probably information to encourage reassurance or something of the sort, a sort of autopilot mode.
Well, the one thing about the news is that it's freely accessible: anyone can get it, and unfortunately so can scammers, who can take advantage of that information to run some sophisticated scams on unsuspecting people. In this case it's the email scam: an email from a bank recently in the news (so already somewhat at the back of your mind), with an email address seemingly from the bank (the email address has the bank name conveniently placed), again gives an image of credibility, tricking your mind and thus bringing your guard down.
Hallmarks of a dubious email.
So let's focus on the email, the signs to watch out for and the reasons why.
1. First of all, the email address: "barclays@email.barclays.co.uk". The URL it is coming from is apparently "email.barclays.co.uk", not "barclays.co.uk". If you type "www.email.barclays.co.uk" into your browser's address bar you will see it is a dud site, but it gives the illusion prima facie that it is genuine.
However, "www.barclays.co.uk" is the genuine URL and brings up the genuine website.
2. The opener: "Dear customer". When most financial institutions write to you, they address each customer personally, so it will be "Dear Mr. John Doe". This "dear customer" is therefore another red flag, in my opinion. This principle of not trusting a generic "dear customer" should be applied to anything you receive, especially over the internet.
3. Grammatical errors: another BIG giveaway. You would expect that Barclays would know the difference between "temporary suspended" and "temporarily suspended", as such typos would reflect poorly on their professionalism and reputation. I imagine that if this was a genuine letter from Barclays then it would most certainly not have any typos.
4. False sense of urgency: "DO NOT IGNORE THIS MESSAGE IS FOR YOUR SECURITY". Of course it is: the sooner you do as they wish, the sooner they can run their hustle on you.
5. Thank you from "Barclays Bank PLC": so you mean the whole of Barclays Bank PLC as an entity took the time out to compose the e-mail to me, not an individual in any particular department? (Well of course, hence the "please do not reply to this email" in the footer at the end.) This point, coupled with what I have discussed so far, begins to build the picture.
6. The Required Form zip attachment: this is the most important part of this whole article. Internet security is a big topic and will continue to be for many years to come: "The National Fraud Authority estimates fraud costs the UK more than £73 billion a year".
Now, aside from the obvious issue that a con artist has sent you an email with a form (that can contain viruses) to fill out your personal details so they can no doubt clear out your bank account, there is the far wider-reaching topic of a Remote Access Tool, aka R.A.T.
To put it simply, it is no different from the story of the Trojan horse: in this case you download something that seems normal onto your laptop and it turns out to be a R.A.T. (which can be virtually undetected). That means whoever sent this to you can now control your laptop, see what you see and indeed spy on you via a webcam.
Folks, if there's anything you take away from reading this, it is: never download anything whose source you don't know or cannot trust. In this scenario, the con artist can first of all get your details via the elaborate letter-from-the-bank con, and if he/she is more advanced and using a R.A.T. then your privacy is also compromised.
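The hallmarks above can also be checked mechanically. The following is an added example, not part of the original post: a small Python triage function that looks for hallmarks 1, 2, 4 and 6 in a raw message. The function name `hallmarks`, the constant `KNOWN_DOMAIN` and the sample message are assumptions made for illustration; the sample is constructed from the details quoted above.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr

KNOWN_DOMAIN = "barclays.co.uk"  # the domain the article names as genuine
# Constructed sample modelled on the email described in the article.
SAMPLE = """\
From: Barclays <barclays@email.barclays.co.uk>
Subject: Your account
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Dear customer,
Your account has been temporary suspended.
DO NOT IGNORE THIS MESSAGE IS FOR YOUR SECURITY
--b1
Content-Type: application/zip
Content-Disposition: attachment; filename="Required Form.zip"

(constructed placeholder payload)
--b1--
"""

def hallmarks(raw, known_domain=KNOWN_DOMAIN):
    msg = message_from_string(raw, policy=policy.default)
    flags = []
    # Hallmark 1: sender host differs from the known domain. The From header
    # is chosen by the sender, so a match here would not prove origin either.
    host = parseaddr(str(msg["From"]))[1].rpartition("@")[2].lower()
    if host != known_domain:
        flags.append("sender-host:" + host)
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content() if body else ""
    # Hallmark 2: generic greeting instead of the customer's name.
    if re.search(r"^dear (valued )?customer\b", text, re.I | re.M):
        flags.append("generic-greeting")
    # Hallmark 4: a shouted, all-capitals line demanding attention.
    if any(len(line) > 15 and line.isupper() for line in text.splitlines()):
        flags.append("urgency")
    # Hallmark 6: an archive attachment the recipient is asked to open.
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if name.endswith((".zip", ".rar", ".7z")):
            flags.append("archive-attachment:" + name)
    return flags
```

An empty result only means none of these four hallmarks fired; it is a prompt for closer inspection, not a verdict that the message is genuine.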
Now Let me Show You the Money
Let's ask Google and do the maths.
There are over 7 billion people in the world.
There are over 60 million people in the United Kingdom.
Now how many email addresses are there?
How many are there that have been harvested and can then be spammed?
The answer to these questions is almost impossible to determine as it can literally change by the second.
Let's create a mock scenario. Let's say there are a drastically low 1 million people in the UK with e-mails, and let's then say only 50% of those emails have been harvested.
Then let's say a con artist has access to that list of harvested emails.
He/she then sends a similar con email to that list of 500,000.
Let's then say only 20% open the email.
Out of that 20% only 5% respond.
So, bottom line, 5000 people have sent their sensitive information via e-mail. In other words, there are 5000 bank accounts at the disposal of the con artist, all from one shot of spam phishing emails.
Now I hope this information has armed you with a few ways to stay safe online and to immediately recognise a dubious email.
(Photo credit: the BBC)