I got an email at work today, sent to our generic “security” address, telling me that I need to update my security information at Barclays Bank.
This is funny for so many reasons.
In the first place, that email address doesn’t belong to any one person. Then there is the fact that it’s a bank in the UK and I am in the US.
Then we move on to the contents of the page. It includes a URL that looks like this: https://update.barclays.co.uk/olb/p/LoginMember.do (this page doesn’t exist) but actually takes you to this page: http://www.voodoocult.net/forum/2pages_1_%5b1%5d.barclays.co.uk/
2pages.barclays.co.uk/olb/p/LoginMember.do/
There are so many things wrong with this phishing page.
The site is not using SSL.
They don’t even try to hide the fact the URL is wrong.
On the top of the page is a big warning about scammers and a link to the real Barclays page about how to avoid being scammed – where the first thing they warn you about are phishing emails! It says:
Ignore emails claiming to be from Barclays that ask you to follow links to a site to confirm your Online Banking security and membership details.
And then the form to collect your information doesn’t even check to see if you entered any data. You can just click on the Next buttons and it happily goes to the next page.
Hahahaha. All I can do is laugh.