MoMusings

Thursday 9th November, 2006


Barclays Phish Just Keep Coming

Filed under: All, Scams, Stats

Over the last 36 hours I’ve been seeing almost nothing but phishing scams aimed at Barclays Bank [British Bank]. Yes, I’m still seeing eBay and PayPal phishes too, even eGold and the odd HSBC one as well.

Here is a screenshot of a typical Barclays phishing scam that I’m seeing by the bucket load:

A larger version can be found here.

The more observant out there may have noticed that the ‘From:’ address has been forged to look as though it has come from ‘Barclays plc cust-support-484375@barclays.co.uk’. This is to try to convince the intended target that the e-mail has come from Barclays, when in fact it has come from, in this instance, ‘home (71.126.84.130)’, which is probably a system that is part of a botnet.

The actual text in the e-mail is not text at all; it is a graphic file. There is usually text in the e-mail’s body, but it is random clippings in the colours #FFFFF3, #FFFFF2 and #FFFFF4 [which look cream]. The only other thing in the e-mail body is a hyperlink [URL] to the phishing site, which is not the URL shown on the graphic!

Here’s an example of what the ‘hidden’ [cream] text is in the sample that I took the screenshot from:

hurricane, thy one tost sapling cannot, Starbuck! And what is it?
father or furtherer of a new order of beings, whose road must lead
which, after a clumsy fashion, were made of straightened iron hoops;
it is the only one that can possibly succeed, for it alone is

At this point the actual graphics file is in GIF format, but this may well change.
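A mail filter can test for the layout described above (an image carrying the message, a link, and body text coloured to vanish into the background). The following is an added example, not code from the original post; the function names, the 0xF0 brightness threshold, the white-background assumption and the sample HTML with its placeholder URL are all assumptions made for illustration.

```python
import re
from html.parser import HTMLParser

ATTR_COLOUR = re.compile(r"^#?([0-9a-f]{6})$", re.I)            # <font color="#FFFFF3">
STYLE_COLOUR = re.compile(r"(?<![-\w])color\s*:\s*#?([0-9a-f]{6})\b", re.I)
VOID = {"img", "br", "hr", "meta", "link", "input"}             # tags with no end tag

def near_white(hex6, floor=0xF0):
    """True if every RGB channel >= floor (assumes a white page background)."""
    return all(int(hex6[i:i + 2], 16) >= floor for i in (0, 2, 4))

class BodyScan(HTMLParser):
    def __init__(self):
        super().__init__()
        self.stack = [False]   # hidden flag per open element; root text is visible
        self.hidden = self.visible = self.images = 0
        self.links = []
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "img":
            self.images += 1
        if tag == "a" and a.get("href"):
            self.links.append(a["href"])
        if tag in VOID:
            return
        m = (ATTR_COLOUR.match((a.get("color") or "").strip())
             or STYLE_COLOUR.search(a.get("style") or ""))
        # An element with no colour of its own inherits its parent's flag.
        self.stack.append(near_white(m.group(1)) if m else self.stack[-1])
    def handle_endtag(self, tag):
        if tag not in VOID and len(self.stack) > 1:
            self.stack.pop()
    def handle_data(self, data):
        n = len("".join(data.split()))   # count non-whitespace characters only
        if self.stack[-1]:
            self.hidden += n
        else:
            self.visible += n

def scan(html):
    """Flag bodies with an image, a link, and mostly near-invisible text."""
    p = BodyScan()
    p.feed(html)
    p.close()
    return {"hidden": p.hidden, "visible": p.visible, "images": p.images, "links": p.links,
            "suspicious": p.images > 0 and bool(p.links) and p.hidden > p.visible}

# Constructed sample: colours and filler text from the post, placeholder URL.
SAMPLE = ('<html><body><a href="http://phish.example.invalid/"><img src="cid:notice.gif"></a>'
          '<font color="#FFFFF3">hurricane, thy one tost sapling cannot</font>'
          '<p style="color:#FFFFF2">father or furtherer of a new order</p></body></html>')
```

`scan(SAMPLE)` reports one image, one link, no visible text and `suspicious` set to `True`; the threshold would need adjusting for messages that set a non-white background.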

So, if you are a Barclays customer be on your guard as it seems that the phishers are spending significant amounts of their time to try and get you to disclose your internet banking details…. This is not surprising as a recent report has shown that internet fraud was up 55 percent in the UK from the previous year!

Obviously, to those behind these scams, these are Gold Phish! Don’t get hooked.


Please note that this blog has now moved to my own hosted domain here: http://momusings.com/momusings/.
A full RSS/ATOM feed can be found there.

All the data up to the end of December 2006 will be left here; however, all postings from the 1st of January 2007 onwards will only be available at this blog’s new home.
ALL future postings will only be available at the new site.
