Menu Search Hoax-Slayer

Barclays 'Detected Irregular Activity' Phishing Scam

Outline
Email purporting to be from UK bank Barclays claims that irregular activity has been detected on the recipient's account and the account will therefore be restricted until the activity is verified.

Brief Analysis
The email is not from Barclays and the claim that the account must be verified is untrue. The message is a phishing scam designed to trick recipients into giving their banking login and security details to Internet criminals.


Example
Subject: E-Alert from Barclays

Dear Valued Customer ,

We detected irregular activity on your Barclays Online Banking Account.
For your protection, you must verify this activity before you can continue using your Online Banking.
Follow the reference below , fill out the information required to review your account and press continue. We will review the activity on your account with you and upon verification,We will remove any restrictions placed on your account. Click here to review
Please do not reply to this message. For questions, please call Customer Service . We are available 24 hours a day, 7 days a week.
We hope you find our Internet Banking service easy and convenient to use.

Yours sincerely Barclays Online Banking Team.


Detailed Analysis
Phishing continues to be one of the most common scams on the Internet. Why? Because, despite many warnings from banks, security sites, and government agencies - and considerable publicity from the mainstream media - phishing works and works well. Phishing takes many forms and has targeted users of many different financial institutions, government departments and Internet companies all around the world.


The version I discuss here targets customers of British bank Barclays. As such phishing scams go, it is typical. The scam email claims that irregular activity has been discovered on the recipient's Barclays account. Therefore, claims the email, before the customer can continue using the account, this "irregular activity" must be verified. The customer is invited to click a link to complete the verification process and remove any account restrictions.

If the customer falls for the ruse and clicks the link, he or she will be taken to a website that has been designed to closely mirror the genuine Barclays website. Once on the fake site, the customer will be taken through a series of bogus pages that ask for bank login details and other information pertaining to the account's security.

At the end of the process, the customer will be redirected to the real Barclays website and may remain unaware until later that his or her account details have been stolen.

Meanwhile, the criminals can use the stolen information to hijack the customer's account, transfer funds, and commit other fraudulent activities at will. 

Internet users need to be very cautious of any unsolicited email that claims that they must click a link or open an attached file to deal with an account problem, verify details, or perform an upgrade.

Real banks will not send their customers emails that ask them to click a link to provide login details and other personal and financial information. 

Barclays has published information about phishing and how to submit suspicious emails on its website.

It is always safest to login to your online accounts by entering the account address into your browser's address bar or via the company's official application or user software.


Last updated: April 1, 2014
First published: April 1, 2014
Written by Brett M. Christensen
About Hoax-Slayer

References
Phishing Scams - Anti-Phishing Information
Protect yourself from online fraud

© Brett M.Christensen, 2014. All Rights Reserved.

Go to Desktop Version