Santander Spam email - We recently reviewed your account
Watch out for this spam email circulating at the moment:
This email is made up as follows:
From: Santander <[email protected]>
Sent: Wednesday, October 4, 2017 10:37 AM
To: Recipients
Subject: We recently reviewed your account
|
IMPORTANT SECURITY NOTIFICATION
|
|
|
|
|
|
Dear Customer, At Santander we know protecting your identity is important, that´s why we´re always looking at ways to guard you from identity theft and fraud. We´re also committed to help you use our online service securely.
|
As part of our ongoing commitment to customer security we are constantly looking for new and improved ways to protect you and your assets. Our Internet banking security notice that your account profile is currently locked and you cannot perform any transaction online.
|
|
Due to security of your internet banking account we recommend you to reactivate & verify your account details. Please note that if you hold any joint accounts, only your details will be updated. Please use the REGISTER NOW below to update your account profile from Step 1 to 3.
|
Regards, Fraud Prevention Team
|
|
|
Terms and conditions Santander UK plc. Registered Office: 2 Triton Square, Regent's Place, London NW1 3AN, United Kingdom. Registered Number 2294747. Registered in England. www.santander.co.uk Telephone 0870 607 6000. Calls may be recorded or monitored. Authorised and regulated by the Financial Services Authority except in respect of its Consumer credit products for which Santander UK plc is licensed and regulated by the Office of Fair Trading. FSA registration number 106054. Santander and the flame logo are registered trademarks. Please do not reply to this email. It has been sent from an email address that does not accept incoming emails. Santander will never ask you to supply personal information such as passwords or other security information via email. As an additional security measure, every customer email will be addressed to you personally. If you receive an email from Santander which is not personally addressed to you, or an email requesting personal information, please report this to [email protected]. We only send marketing messages if you have not objected to receiving them at present. If you would prefer not to receive marketing-based offers and information from us by email, please click here to unsubscribe. However, we will continue to inform you regarding important information about your account e.g. a rate change. You can check the above authorisations with the Financial Services Authority on www.fsa.gov.uk or by calling them on 0845 606 1234. OC146 JUN 11
|
As we can see, the originating email address is: Santander <[email protected]> which is obviously a stretch for a major bank. Whoever chelsea is, they are most certainly not authorised to send mass security emails on behalf of Santander.
We can also see that the links to the bank point to:
retail.santander.co.uk.logsuk.ns.ens.btochanneldriver.ssobto.dse.operationname.logon.dse.processor.logon.dse.processor.logon.logon.ahujacaterer.com/retail/
Which is actually the domain: ahujacaterer.com which is quite often used as a spam virus repository. It is currently rgistered to:
Registrant Contact Information:
Organization Software Company
Which really should have been locked down before due to the registration information omitted.
Information Updated: 2017-10-05 08:58:54
If we follow the link (and please do not do this yourself) we see that the account has already been suspended and so whomever is being subcontracted to send these spams is already wasting their time. Either way, another nasty virus or trojan would have been waiting to compromise your PC.