Wednesday, 28 January 2015

Phishing Your Account - Barclays www1-barclays.com

Alert Summary:

Phishing emails with the subject "Your Account - Barclays" say that you have mismatched information and lead to www1-barclays.com.

Sample Message headers:
From: Barclays {barclays@support.com}
Subject: Your Account - Barclays
Sample Message body:
Imροrtant Νοtice    
      
Dear Mr xxxxxxx,   
      
Τhis email οriginates frοm an autοmated system that detects when we haνe mismatched infοrmatiοn regarding a custοmer οr their accοunt. We may haνe cοntacted yοu already regarding this issue, if sο please ignοre this email. Ιt is essentiaΙ hοweνer, that we hοld the cοrrect infοrmatiοn as we use this infοrmatiοn tο νerify yοur identity whenever yοu call us οr perfοrm transactiοns οnline.    
      
 If yοu fail tο νerify yοur accοunt we may place a limitatiοn οn the serνices yοu access such as οnline and telephοne banκing and to avoid any further inconvenience we advise that you update these details within 24 hours.   
      
To begin the process simply click the link below.   
      
Get Started   
      
Ρlease nοte: Υου may alsο νerιfy yουr accουnt by νisiting yουr nearest branch. Tο lοcate yουr nearest branch please νisit ουr website


The above link doesn't take you to the genuine Barclays site but instead takes you to a fake phishing site:
http://tiny.cc/barclays2
The above URL redirector site takes you to this domain:
http://www1-barclays.com/olb/auth/start.phpe

The fake phishing site above looks like this:

At first glance it looks like the genuine barclays.com, but look closely: the domain is www1-barclays.com.

The fake "BARCLAYS" domain was set up recently; details here:
Domain Name: WWW1-BARCLAYS.COM
Registrar: PDR LTD. D/B/A PUBLICDOMAINREGISTRY.COM
Sponsoring Registrar IANA ID: 303
Whois Server: whois.PublicDomainRegistry.com
Referral URL: http://www.PublicDomainRegistry.com
Name Server: RS133.REGISTRAR-SERVERS.COM
Name Server: RS33.REGISTRAR-SERVERS.COM
Updated Date: 25-jan-2015
Creation Date: 25-jan-2015
Expiration Date: 25-jan-2016

Domain Name: WWW1-BARCLAYS.COM
Registry Domain ID: 
Registrar WHOIS Server: whois.publicdomainregistry.com
Registrar URL: www.publicdomainregistry.com
Updated Date: 2015-01-25T19:27:29Z
Creation Date: 2015-01-25T19:27:28Z
Registrar Registration Expiration Date: 2016-01-25T19:27:28Z
Registrar: PDR Ltd. d/b/a PublicDomainRegistry.com
Registrar IANA ID: 303
Registrar Abuse Contact Email: abuse-contact@publicdomainregistry.com
Registrar Abuse Contact Phone: +1-2013775952
Registry Registrant ID: 
Registrant Name: David Ayeni
Registrant Organization: N/A
Registrant Street: 132 Victoria Road   
Registrant City: London
Registrant State/Province: London
Registrant Postal Code: RM1 2NX
Registrant Country: GB
Registrant Phone: +44.02039483949
Registrant Phone Ext: 
Registrant Fax: 
Registrant Fax Ext: 
Registrant Email: davidayeni823@gmail.com
Registry Admin ID: 
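
The two signals described above (a brand name inside a domain the brand does not own, and a registration only days old) can be checked automatically once the redirector has been followed to the landing URL. The following is an added example, not part of the original post; the brand allowlist, the 30-day threshold and the function names are assumptions, and the registrable-domain logic is a simplification.

```python
import re
from datetime import date, datetime
from urllib.parse import urlsplit

# Assumptions: brand keyword -> domains the brand really uses; age threshold.
BRANDS = {"barclays": {"barclays.com"}}
MAX_AGE_DAYS = 30

def registrable(host):
    # Simplification: last two labels. Use the Public Suffix List in production.
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def lookalike_brand(url):
    """Return the brand a host imitates, or None if genuine or unrelated."""
    host = (urlsplit(url).hostname or "").lower()
    base = registrable(host)
    tokens = re.split(r"[^a-z0-9]+", host)
    for brand, genuine in BRANDS.items():
        if base not in genuine and any(brand in t for t in tokens):
            return brand
    return None

def creation_date(whois_text):
    """Parse the first Creation Date field in either format shown above."""
    m = re.search(r"^\s*Creation Date:\s*(\S+)", whois_text, re.M | re.I)
    if not m:
        return None
    for fmt in ("%d-%b-%Y", "%Y-%m-%dT%H:%M:%SZ"):
        try:
            return datetime.strptime(m.group(1), fmt).date()
        except ValueError:
            continue
    return None

def assess(url, whois_text, seen_on):
    brand = lookalike_brand(url)
    created = creation_date(whois_text)
    age = (seen_on - created).days if created else None
    young = age is not None and age <= MAX_AGE_DAYS
    verdict = "none" if brand is None else ("high" if young else "medium")
    return {"brand": brand, "age_days": age, "verdict": verdict}

# Sample input: landing URL and WHOIS lines from this post, alert date as seen_on.
SAMPLE_URL = "http://www1-barclays.com/olb/auth/start.phpe"
SAMPLE_WHOIS = "Domain Name: WWW1-BARCLAYS.COM\nCreation Date: 25-jan-2015\n"
SAMPLE_SEEN = date(2015, 1, 28)

if __name__ == "__main__":
    print(assess(SAMPLE_URL, SAMPLE_WHOIS, SAMPLE_SEEN))
```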

The fake phishing site will also ask you to hand over more details...

Cheers,

Steve
Sanesecurity.com
