24). Barclays Bank - HTML.Phishing.Bank-490
This email targets customers of Barclays Bank.
Message Details
| Malware Name: | HTML.Phishing.Bank-490 |
| Origin: |  United States |
| Date first seen: | 13/07/2006 16:51:08 |
| Number seen: | 5 |
| Date last seen: | 04/08/2006 14:20:35 |
| From: | "Barclays Bank PLC"<update@barclays.co.uk> |
| Subject: | Important Notice |
Attacker's URLs
The following table shows the details of the URLs used by the attacker. These could either be the fake website of the attack, or a site which redirects to the attackers fake site. Sometimes the attacker will use an additional site for hosting resources such as images.
The table shows the current status of the site: if it is still reachable (
), or if it has been shut down (
). If the site has not been confirmed as a phishing site it is shown with the symbol 
. The time when the site was first observed is shown, together with the time that the site was shut down, if applicable. Do not visit the attackers site as it may contain malware. You can get more details on the site by clicking on the 
symbol.
| Status | First observed | Shut Down | Internet Address | URL | |
|---|---|---|---|---|---|
|
19/07/2006 01:18:31 | 19/07/2006 01:18:31 | 38.101.111.52 |
http://img159.exs.cx/img159/9760/topbk4ac.gif | |
|
13/07/2006 16:52:22 | 13/07/2006 22:41:04 |  200.135.44.1 |
http://ar.unisul.br/ibank.barclays.co.uk/olb/p/LoginMember.do/index.htm | |
Message Text
The text below shows the message content, rendered in a safe way. It does not show images or HTML formatting, but the text is the same as that contained in the phishing email. Each clickable link is shown as a reference. You can see the way the URL is presented in the main body of the text, while the actual URL activated by the link is shown below the main body.
[barclays_logo.gif]
Important Notice: July 14, 2006
Dear Sir/Madam,
Barclays Bank PLC. always look forward for the high security of our clients.
Some customers have been receiving an email claiming to be from Barclays
advising them to follow a link to what appear to be a Barclays web site,
where they are prompted to enter their personal Online Banking details.
Barclays is in no way involved with this email and the web site does not
belong to us.
Barclays is proud to announce about their new updated secure system. We
updated our new SSL servers to give our customers a better, fast and secure
online banking service.
Due to the recent update of the servers, you are requested to please update
your account info at the following link.
[1]https://update.barclays.co.uk/olb/p/LoginMember.do
*Important*
We have asked few additional information which is going to be the part of
secure login process. These additional information will be asked during your
future login security so, please provide all these info completely and
correctly otherwise due to security reasons we may have to close your
account temporarily.
J. S. Smith
Security Advisor
Barclays Bank PLC.
_________________________________________________________________
Please do not reply to this e-mail. Mail sent to this address cannot be
answered.
For assistance, log in to your Barclays Online Bank account and choose the
"Help" link on any page.
Barclays Email ID # 1009
References
1. http://ar.unisul.br/ibank.barclays.co.uk/olb/p/LoginMember.do/index.htm
Additional Examples