sircles.net Computer Support The sircles IT support & solutions blog | Santander Spam email - We recently reviewed your account

Twitter Feed Popout byInfofru

The sircles IT support & solutions blog SEO, Copy Writing, Networking and Internet Safety & Security

Santander Spam email - We recently reviewed your account

5. October 2017 09:43 by sirclesadmin in Internet Security, SPAM, Popular Sites
Santander Spam email - We recently reviewed your account Watch out for this spam email circulating a

Santander Spam email - We recently reviewed your account

Watch out for this spam email circulating at the moment:

This email is made up as follows:

 

 

 

From:                              Santander <chelsea.decarlo@unco.edu>

Sent:                               Wednesday, October 4, 2017 10:37 AM

To:                                   Recipients

Subject:                          We recently reviewed your account

 

If you cannot see this email, click here

 

security

IMPORTANT SECURITY NOTIFICATION

 

 

 


Dear Customer,

At Santander we know protecting your identity is important, that´s why we´re always looking at ways to guard you from identity theft and fraud. We´re also committed to help you use our online service securely.

As part of our ongoing commitment to customer security we are constantly looking for new and improved ways to protect you and your assets. Our Internet banking security notice that your account profile is currently locked and you cannot perform any transaction online.

Due to security of your internet banking account we recommend you to reactivate & verify your account details. Please note that if you hold any joint accounts, only your details will be updated.

Please use the REGISTER NOW below to update your account profile from Step 1 to 3.

NEXT


Regards,

Fraud Prevention Team

 

Terms and conditions

Santander UK plc. Registered Office: 2 Triton Square, Regent's Place, London NW1 3AN, United Kingdom. Registered Number 2294747. Registered in England. www.santander.co.uk Telephone 0870 607 6000. Calls may be recorded or monitored. Authorised and regulated by the Financial Services Authority except in respect of its Consumer credit products for which Santander UK plc is licensed and regulated by the Office of Fair Trading. FSA registration number 106054. Santander and the flame logo are registered trademarks.

Please do not reply to this email. It has been sent from an email address that does not accept incoming emails. Santander will never ask you to supply personal information such as passwords or other security information via email. As an additional security measure, every customer email will be addressed to you personally. If you receive an email from Santander which is not personally addressed to you, or an email requesting personal information, please report this to phishing@santander.co.uk.

We only send marketing messages if you have not objected to receiving them at present. If you would prefer not to receive marketing-based offers and information from us by email, please click here to unsubscribe. However, we will continue to inform you regarding important information about your account e.g. a rate change.

You can check the above authorisations with the Financial Services Authority on www.fsa.gov.uk or by calling them on 0845 606 1234.

OC146 JUN 11

 

As we can see, the originating email address is: Santander <chelsea.decarlo@unco.edu> which is obviously a stretch for a major bank. Whoever chelsea is, they are most certainly not authorised to send mass security emails on behalf of Santander.

We can also see that the links to the bank point to: 

retail.santander.co.uk.logsuk.ns.ens.btochanneldriver.ssobto.dse.operationname.logon.dse.processor.logon.dse.processor.logon.logon.ahujacaterer.com/retail/

Which is actually the domain: ahujacaterer.com which is quite often used as a spam virus repository. It is currently rgistered to:

Registrant Contact Information:
Name Pankaj Garg
Organization Software Company
 
 
Which really should have been locked down before due to the registration information omitted.
Information Updated: 2017-10-05 08:58:54

If we follow the link (and please do not do this yourself) we see that the account has already been suspended and so whomever is being subcontracted to send these spams is already wasting their time. Either way, another nasty virus or trojan would have been waiting to compromise your PC.

 

Add comment