Paging TOG - Internet Security

Hello dear.

As I'm one of our resident Identity Theft 'victims' I opened a suss
email claiming to be from Barclays. It looks like Phishing to me but
it's a bit *too* good.

Firstly it addresses me by my correct name, secondly it contains my
correct postal address and lastly it is addressed to me at my correct
email address.

It also looks quite realistic and the only sign of it being a scam is
the "click here" button which appears to direct to
ibank.barclays.co.uk.barclaysusers.ru although I haven't clicked any
links on the email.

I've phoned up Barclays who don't give a **** (hardly shock news as
they're the same company that gave out all of my personal details to a
total stranger and then changed my address to theirs late last year)
who just told me to forward the email and delete it.

I don't mind phishing, but it's a bit of bother when it has correct
personal information in it.

There's not much I can do about it. My address is public domain, as
is my name so I can't get it removed from The World and I'm obviously
on some "willing victim" scam list somewhere.

 

Get your details taken off the public electoral roll (if they're not
already).

 

So why should you - change banks.

 

'Sfunny, I've had a whole raft of "Barclays" phishing attempts recently
(despite not even banking with them0, although none contained the level
of personal info you describe.

I went to Barclays web-shite and did a search for pertinent information
for escalation and the only recommendation was to forward to the New
Scotland Yard's anti-fraud division.

Ho hum.

 

snip

From
http://www.personal.barclays.co.uk/...sk=articleFWvi2&site=pfs&value=9190&menu=4926

If you have received a scam email, please forward it on to
(we won't be able to reply
individually). If you think your account has been accessed, please visit
our victim of fraud page.

 

I've already forwarded the email (as stated in my original post) and
have already phoned them as described on their Victrim of Fraud page,
but they DGAF.

 

I've already changed banks - but that didn't stop them giving away my
details originally.

 

Oops sorry, didn't see that. Did you EXPECT them to GAF? Bankers.

 

Scammers getting smarter shocker.

Any e-mail from my bank gets opened in raw source format first. I look at
all the URLs to make sure they're correct. Obviously the one above is
not, so I personally would not visit it and would have just deleted it.

Change email, name and address, wrap tin foil around your head and don't
talk to anyone. That should help.

 

And how are Islington Parking services?

 

The Chief Exec has yet to respond to my letter which was received 28th
February according to the Royal Mail Special Delivery tracker.

 

21st

 

You won't be on a "willing victim" list. Such lists exist, but they're
only of people who've been stupid enough to pay out money.

Just ignore it. Block all emails coming from .ru if you feel like it,
but I'd just ignore it.

Actually, you could open it, go to the fake form where they ask for
your details, and fill it in with fake details. It wastes their time.

On occasions where scammers have asked me for my banking details, I've
always given the correct banking details for the London Borough of
Sutton, to whom I pay my council tax. Bank, address, account name (in
my guise as a dodgy charitable funds administrator for the Church of
England, I tell the scammers that LBS stands for 'Lord's Benevolent
Society') and number.

I figure that if Sutton Council can't look after its money, it deserves
to lose it. And hey! Who knows? Perhaps the 15.5 million quid that the
scammers promise really exists. In which case I'll demand a rebate on
my council tax.

 

It was stuck in my filter already but I wanted to see something with
gmail so I released it from SpamCop and actually looked at the body.
If I hadn't have looked in my SpamCop filter I'd never have noticed my
name and address.

I would click the link, but it appears that they've got some string of
characters in the URL to identify me. They're a lot more advanced
than I had hoped.

<http://hayn.gotadsl.co.uk/phish.jpg>

I've bodged out my address and part of the URL string (above the start
button) but it does appear that they've invested a lot in this scam.

I think I'll just delete the email.

 

The english is still very poor. Much better than previous ones I've
seen, but I've yet to get a letter or email from my bank where a
sentence starts with "And".

The other thing is the "MR/MRS" - my bank knows what gender I am, and
in the case of many of my arrangements, my marital status.

I don't think the scammers can pull this off the electoral role - hence
the generic approach.

Having an email address that doesn't have one's name (or surname if
it's a unique surname) also helps I think.

 

Wik wrote

Pathetic innit. I just report them through the normal Spamcop channels
and carry on with life[1].

[1] For a variable and totally personal value of life, obviously.

 

wrote

There is no need to continue with this deceitful charade my son, the
First Church of UKRM will accept all with open arms regardless of
whatever burdens of sin they may have carried in the past. Come and
join us, we could do with a dodgy funds administrator as it happens.

 

Switters emerged from their own little world to say

The online banks I use never send emails with personal information in. Of
course they send spam about their products but if they reply to a query I
get an email which asks me to log onto the secure site to read the message.
I ignore any other requests for information.

 

In uk.rec.motorcycles, BGN belched forth and ejected the following:

If your bank really want to get hold of you they'll use other means.

 

Whinging Courier wrote

On the odd occasion that my bank have felt the need to query my online
spending pattern they have phoned me. Mind you I don't bank with what
is left of what the used to call the Big 5, I bank with a proper foreign
bank, so I don't seem to have the security issues that the rest of you
have.