In a similar approach to other recent online banking scams, the email tricks users into surrendering their account information, which is then used to steal their identity and extort funds.
Here’s a screenshot of the email you’ll need to look out for:
As you can see, the email appears to be sent by email@example.com, alerting readers to a new ‘Online Banking’ email.
As highlighted, the scammers have forged the sender address to mimic an official Barclays Bank address by sending the emails from a similar-looking registered domain, Barlcay.com. This is an innocent individual's personal domain that has been compromised; it does not belong to the bank.
The email, which uses the familiar Barclays sky blue branding to appear legitimate, advises users that they are no longer able to access their online banking account, for a number of listed reasons.
This Barclays scam then instructs users to resume their account access by clicking the blue hyperlink ‘Login to get Started ?’.
More vigilant readers would be immediately suspicious of an email claiming to originate from a reputable organisation that contains grammatical errors, including the inappropriate use of a question mark, inconsistent capitalisation and erroneous double spacing.
You’d also usually expect a personalised banking communication to address the reader by name, which this online banking scam doesn’t.
Once the user has clicked on the link, they are directed to the landing page below, an identical, professionally designed copy of the Barclays internet banking homepage.
One obvious sign that this webpage isn’t legitimate is the website URL, which bears no relation to Barclays Bank, although unsuspecting readers may not notice this, with their attention diverted by the quality of the page design.
Several of the image buttons in the right-hand column of the page do not work and have no destination web address, something you would not expect on a legitimate organisation’s webpage.
Once you’ve entered your surname, card number or account details and clicked the blue “Next Step” button, the page expands and asks for additional confirmation information, including the internet banking passcode and characters from the private memorable security word.
Once the user has clicked the bottom blue “Log in to Online Banking” button, they are taken to another screen, which states that their account has been temporarily suspended and asks for additional verification information to be submitted.
Here, you’ll again notice a glaring grammatical error which should raise your suspicions – an “online baking service” is not something you’d normally associate with Barclays Bank.
However, the use of a red warning box together with an “X” symbol is something we often see on legitimate website forms to flag incorrectly entered information, and its use here is a newer technique in online phishing scams.
Again, once the user clicks “Next step”, the page opens further, asking for more information to be submitted:
Having clicked “Validate”, the user is then told that the verification is complete, but to wait until the system has successfully logged them out of their account in order to complete the process.
The apparent legitimacy of this Barclays phishing scam is further strengthened when the page redirects to the official Barclays Internet Banking login screen, which, aside from a few minor copy variations, the scammers’ initial phishing webpage replicates exactly.
Unknown to the recipient, once they’ve submitted their details the scammer has access to the following:
- Your Barclays internet banking account, bank account and credit card details, in order to transfer money and appropriate funds
- Additional verification details (first and last name, date of birth and address), used to gain access to related services.
Protecting yourself from online banking scams
This Barclays Bank scam and other recent online phishing emails have highlighted a growing sophistication in the techniques used by cyber criminals.
The official webpages they imitate are copied using high-quality “ripping” software, and are therefore very difficult to tell apart from the real thing, while the campaign relies on social engineering techniques to trick users into surrendering their private account details.
Cyber criminals are constantly adjusting their campaigns as they learn which techniques work and which don’t, although there are nearly always tell-tale signs to look out for.
You should always be suspicious of emails that:
- Appear to be sent from a well-known organisation but are not addressed to you by name or include spelling or grammatical errors
- Ask you to click on a link within an email in order to verify your identity. You should always go to your provider’s website directly by typing their address into the browser’s address bar, or indirectly through Google
- Include a link to a landing page with a suspicious, unofficial-looking URL
- Ask you to confirm personal information that a legitimate sender would not ask for – for example, your credit card details or bank account numbers to verify your online banking account.
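As an added example (not from the original article), here is a small Python check that screens a constructed email for the tell-tale signs listed above: a lookalike sender domain such as Barlcay.com, a generic greeting instead of the reader’s name, and a “verify” link that points somewhere other than the bank. The legitimate brand domains and the sample message are assumptions made for illustration.

```python
import re
from email import message_from_string
from urllib.parse import urlparse

# Assumed legitimate brand domains for the check (not taken from the article).
BRAND_DOMAINS = {"barclays.co.uk", "barclays.com"}
BRAND_LABELS = {d.split(".")[0] for d in BRAND_DOMAINS}  # {"barclays"}
GENERIC_GREETINGS = ("dear customer", "dear user", "dear valued customer")

# Constructed sample reproducing the traits described in the article:
# lookalike sender domain, no personal greeting, an off-brand "verify" link.
SAMPLE = """From: "Barclays Online" <alerts@barlcay.com>
To: customer@example.net
Subject: Online Banking

Dear Customer,
You can no longer access your account.  Login to get Started ?
http://verify-account.example.org/barclays/login
"""

def edit_distance(a, b):
    """Damerau-Levenshtein distance: a swapped pair such as 'cl'->'lc' costs one edit."""
    d = [[max(i, j) if i == 0 or j == 0 else 0 for j in range(len(b) + 1)]
         for i in range(len(a) + 1)]
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)  # transposition
    return d[len(a)][len(b)]

def on_brand(host):
    """True if host is a legitimate brand domain or one of its subdomains."""
    return any(host == d or host.endswith("." + d) for d in BRAND_DOMAINS)

def phishing_indicators(raw):
    """Return the tell-tale signs found in one raw RFC 822 message."""
    msg = message_from_string(raw)
    body = msg.get_payload()
    found = []
    sender_host = msg["From"].rsplit("@", 1)[-1].strip(">").lower()
    label = sender_host.split(".")[0]  # second-level label, e.g. "barlcay"
    if not on_brand(sender_host) and any(edit_distance(label, b) <= 2 for b in BRAND_LABELS):
        found.append("lookalike-sender-domain")
    if body.strip().lower().startswith(GENERIC_GREETINGS):
        found.append("generic-greeting")
    for url in re.findall(r"https?://\S+", body):
        if not on_brand(urlparse(url).hostname or ""):
            found.append("off-brand-link")
            break
    return found
```

Plain Levenshtein distance scores “barlcay” against “barclays” as 3 edits; the transposition-aware variant scores it as 2, which is why that variant is used for the lookalike check.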
Barclays recommend that you forward all suspicious emails to firstname.lastname@example.org and then delete them immediately. Customers can find more information on how to report phishing scams involving their business here.
Adding a cloud-based email filtering solution will prevent threats like new phishing email campaigns and malware attacks from reaching your inbox in the first place. As cloud solutions are updated in real-time, they can effectively block new 'zero-day' threats as soon as they are detected.
By sharing our blogs and tips with staff you can also ensure that staff are aware of the most recent online banking scams in circulation, while providing them with further prevention education.
You can also keep up-to-date on the latest email scams by subscribing to MailGuard’s weekly update or follow us on social media.