Do Spammers Ever Give Up?

 

We've just gone through Christmas and the number of messages from spammers has continued unabated.

Perhaps the odd thing was that I had a large number of Barclays messages on Christmas and Boxing Day. Some were very amateurish and targeted at Woolwich, a Barclays subsidiary, customers.

Typically they are registered to someone in the US. Take missch.biz which is registered to Leesa Christensen with an e-mail address of tom1altman@yahoo.com.

Why do the US authorities allow domain names to be registered to someone who uses an anonymous e-mail address? Probably for the same reason they champion the death penalty!

Are Alliance and Leicester the New Barclays?

 

Last week I got 4395 phishing e-mails for Barclays. That's just over 700 a day!

This week, since Sunday, I've had 128, 5, 2 and none.

At about six on Sunday morning someone put the boot in to the crooks who were sending this stuff. A lot of all bank phishing has now disappeared, with the average last week at 900 a day and this week so far at 240. Let's hope there are some nice people in a jail somewhere. I will not speculate, but judging by most of the countries where this evil rubbish comes from, I doubt that it will be as pleasant as a guest of Her Majesty.

Now though most of the scams are aimed at customers of the Alliance and Leicester.

It's funny but why are most scams aimed at British banks?

I certainly would never bank on-line with anybody that featured in my databases. Most seem indifferent to scams, with one or two notable exceptions, who strangely hardly feature at all.

Is Barclays Serious About Fighting Phishing Scams?

 

I am compelled to write yet another note about phishing attacks on Barclays Bank. It did appear that they have stopped but now they are more numerous than ever.


The graph shows all bank phishing scams I have received from the 5th of May until the 7th of October to about ten different web domain names. Blue are messages supposedly from Barclays and the other banks with significant attacks are also shown.

1. As you can see from the graph, phishing scams are increasing in number, rather than decreasing.

2. Barclays now constitute over ninety percent of the phishing messages that I receive and this share has been increasing in recent weeks.

3. Seven of the receiving domains are .com’s so I would hope I’d get a share of messages for foreign banks. I don’t! So have US and Continental banks got a grip on phishing.

4. Bank of Scotland was targeted for several weeks. They stopped on the 9th September and have not resumed. This behaviour has also been seen with the Co-operative Bank, NatWest and Nationwide. I suspect that they may have stopped the problem.

5. I wrote to the Chief Executive of Barclays, John Varley, explaining what I had found and didn’t even get the courtesy of a reply.

I can only assume that either I am being specifically targeted, in the mistaken belief that I have a Barclays account or Barclays are indifferent to security. Note that I would never open an on-line account with Barclays, until they convinced me they had solved the problem of phishing.

A note is now available for downloading and distribution which gives full details.

Is Barclays Serious about Fighting Phishing Scams?
Feel free to read and distribute as you require.

Barclays Phishing Scams Start Again

 

It must be hell being the Managing Director of Barclays.

Barclays seems to be attacked all the time by criminals. And much more than other banks. Why? Is the security bad? Or is it so good, they just keep trying to beat it as they've beaten everybody else? Or is it just because they're the largest Internet bank.

I did send a letter to the MD, but he didn't reply. Does it show what he thinks of customers?

Anyway today I've received over 60 phishing e-mails aimed at Barclays. All point at sabma.info which is based in Russia. Do Barclays have their Internet servers there? I don't think so.

As I've said before don't bank with any Internet bank for which you get phishing attacks. You might just make a mistake.

Are Barclays Phishing Scams Going To Start Again?

 

I have just received a phishing e-mail purporting to come from Barclays. Incidentally, I haven't received any for some weeks.

It doesn't come from Barclays of course, but it points to a web site called barclayss.com which was registered in Pakistan on the 19th of July.

Now shouldn't Barclays have registered this name themselves.

This is another reason why I son't trust their on-line banking.

Is This the End of Bank Phishing E-Mails?

 

This note is a follow up to my previous note on Bank Phishing scams of the 1st of June. You can see from the graph below, that it appeared that the attacks on Barclays (in blue) and their customers may have stopped.


The graph shows all bank phishing scams I have received from the 5th of May until the 16th of July to about ten different web domain names. The banks shown are in order; Barclays, Co-Operative Bank, Lloyds TSB, Nationwide BS, PayPal, Foreign and Others. Colours are shown in the legend above the graph.

Phishing scams are where you are sent a fake e-mail and asked to enter your username, password and other details into a fake web site. If you do enter your details, your bank account is quickly emptied.

The graph shows some interesting patterns :-

1. Barclays have received the highest number of messages and the fiercest attacks for some time, but I have only had a couple of messages in the last four weeks.

2. There have been significant attacks on the Co-Operative Bank, Nationwide BS and Lloyds TSB. Analysis of these messages shows they could have been sent by the same group.

3. For the last ten days, there has not been more than a couple of messages each day. Most have been amateurish and aimed at a varied selection of banks.

The question that has to be asked is have we reached the end of this type of phishing scam?

If this is so, where will the criminals attack next?

A note is now available for downloading and distribution which gives full details.

Is This the End of Bank Phishing E-Mails?
Feel free to read and distribute as you require.

Letter to Barclays

 

On the 9th of June I wrote the following letter to John Varley, the Chief Executive of Barclays Bank about the phishing attacks on their bank.

Why I Won’t Use Barclays On-Line Banking

I have been a computer professional for the last forty years and in that time I’ve created two world class businesses.

For the last ten years I’ve been involved with the Internet, in the analysis of its use and misuse, with respect to promotion of companies, development of software, eCommerce and fraud. Since the beginning of 2001, I’ve shown increasing interest in the so-called phishing scams and have collected an extensive database.

All of this knowledge is soon to be published in a book called Making the Most of the Internet. The various frauds and scams form a large part.

Around the 19th of May, I thought that Barclays had finally removed the curse of phishing scams that have affected it for many years. The enclosed chart shows how I used to receive about fifty of these scams every day on the e-mail traps I have set. But since about the 3rd of June they have started again!

It puzzles me why Barclays is being singled out in this way! Is it because they are the largest on-line Bank? Is it because scams against Barclays are more likely to succeed?

I would certainly not bank on-line with any on-line bank that was being attacked in this way.

I have not received a reply.

Perhaps this sums up their attitude to phishing attacks. I shall be moving my Woolwich account elsewhere.

No Barclays and All Nationwide

 

Have the crooks decided to move all of their attacks from Barclays to Nationwide?

Over the last few days, I've had none for Barclays and about thirty every day for Nationwide Building Society. Interestingly, I don't think they are the same group who attacked Barclays, as the pattern is different. The Nationwide attacks tend to come in small groups of two or three, whereas those for Barclays come in larger bunches.

Interestingly, I note that Nationwide add your post code to every e-mail they send you. That sounds a simple idea that might help the careful to identify the good from the poison.

Barclays Bank Phishing E-Mails Start Again

 

This note is a follow up to my previous note on Bank Phishing scams of the 1st of June. At that point it appeared that the attacks on Barclays and their customers may have stopped.


The graph shows all bank phishing scams I have received from the 5th of May until the 10th of June to about ten different web domain names.

As before, in the graph, blue are messages supposedly from Barclays and red shows other smaller attack on the Co-Operative Bank. Cream is attacks on PayPal accounts, light blue is anything outside of the UK and all other UK phishing is green.

The great majority of the new attacks on Barclays customers are very similar to many of those that occurred before the 19th of May. Could it be that the crooks and their servers had been located and supposedly destroyed, but that the interruption was only an irritance?

A note is now available for downloading and distribution which gives a full analysis.

Barclays Bank Phishing E-Mails Start Again
Feel free to read and distribute as you require.

More Barclays Phishing Scams

 

I got 35 scams attacking Barclays customers yesterday.

They were all the same, except for different e-mail addresses and different URLs to go to get conned.

Some had a URL of www.ru, which probably is a clue to where they came from.

Come on Mr. Putin, please do something to protect us all from these crooks.

An Analysis of Bank Phishing E-Mails - Barclays

 

It really is amazing that Barclays customers have been directly targetted in this way. Is it because Barclays has more customers? Is it because their customers are more vulnerable? Is Barclays security not as good as other banks?

I don’t know and can only guess.

The good news is that as from the 19th, the amount of phishing scams seem to have dropped significantly. Interestingly since then, ninety percent of the e-mails seem to be very amateurish with very bad spelling.

The last two e-mails to Barclays on the 28th and 29th are almost a joke. One points to a domain in Australia and the other to one in France.

If anybody is stupid enough to be taken in by either of those, they deserve to be conned.

Tip - If you are using Outlook 2003, move the mouse pointer over the link and the program will tell you the real link. If it's not Barclays, then don't click it.

View the Latest Bank Phishing Data!

An Analysis of Bank Phishing E-Mails

 

I collect spam and bank phishing e-mails in particular.

I should say that as I have had an Internet presence since about 1992, my e-mail addresses at daisy.co.uk have been severely compromised. They have been distributed to virtually all of the spammers, whether they are in the US, Russia, Eastern Europe, China or elsewhere.

To make matters worse, but much better for the purpose of collecting spam, some bright spark has generated lots of e-mail addresses based on daisy.co.uk, so they can tell the crooks that they’ve sent many times more than they actually have. Sometimes I get twenty or thirty copies of the same message to different addresses. Most of these addresses bear no relation to reality, typically being something like fred_smithth@daisy.co.uk.


To illustrate the scale of the problem, I’ve taken just one source of spam; bank phishing scams, where criminals are trying to get details of bank accounts through fake sites.

In the graph, blue are messages supposedly from Barclays, red shows the Co-Operative Bank and yellow shows all the other phishing attempts on other banks. I have included messages to about ten domain names, most of which are .coms, in addition to daisy.co.uk.