Santander: Important Update about your account - SPAM!
We have seen this email over the weekend. The email is a standard-looking Santander email, but it tries the age-old trick of pretending someone has tried to break into your account: fear combined with shock, intended to make you act before you think. As usual, the sender email address is completely irrelevant to Santander, in this case carrying an EDU suffix.
From: Santander < [email protected] >
Sent: Sunday, December 3, 2017 8:37 AM
To: Recipients
Subject: Important Update about your account
If you are having trouble viewing this message, please click here. E-mail Security Information.
Your security is our priority Dear Customer: We recently reviewed your account, and we suspect an unauthorized transaction . Therefore as a preventive measure we will temporary limit your access to sensitive Santander Online features. To ensure that your account is not compromised, please log in to your Santander Online and verify your identity to prevent deactivation. Please use the hyperlink below to login to our secure Santander account Online from Step 1 of 3 to verify your accounts. Verify now »
Thank you for choosing Santander, Christian Westcough The Santander Online Banking Help Team.

Keep your account information up-to-date. In the event of fraudulent or unusual activity, we'll need to know the best way to reach you. Log in to your account or click to Update now »
Anyway, let's have a look at what this one does so as to be ready for future phishing emails:
The email looks reasonable enough...

It has all of the hallmarks of a legitimate email:
- "Keep your account up-to-date" (The English here is all present and correct)
- Email security information "If you have concerns about the authenticity of this message, please visit for options on how to contact us." - This shortcut actually takes us to: which appears to be an Italian website that has been compromised, or is just a front for illegal activity.
The 'Verify now' button also links to:
And when visited we see the following:

Once again, it is very close to the real thing, and it shows no certificate errors, but this is because it is not a secure site. I am using Microsoft Edge in this case, so I will report the site from there:
I click on the three dots in the top right-hand corner:

I now choose 'Send feedback'

Now I click 'report unsafe site' and choose 'phishing', as that is obviously what this site is.
Once reported, we receive a confirmation that the site will be analysed, but please feel free to report this one yourself as it will speed up the closing of the site.
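The three tells noted above (a sender address unrelated to the bank, links that leave the bank's domain, and a landing page without HTTPS) can be checked automatically. The following is an added example, not part of the original post; the sample message is constructed with placeholder addresses and URLs, and the allowlist containing `santander.co.uk` is an assumption about which domains count as legitimate.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def on_domain(host, allowed):
    host = (host or "").lower().rstrip(".")  # exact match or true subdomain only
    return any(host == d or host.endswith("." + d) for d in allowed)

def triage(raw, brand, allowed):
    """Return (check, detail) findings for one raw HTML email message."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    sender_host, findings = addr.rpartition("@")[2], []
    if brand.lower() in name.lower() and not on_domain(sender_host, allowed):
        findings.append(("sender-mismatch", sender_host))  # brand name, foreign domain
    parser = LinkCollector()
    parser.feed(msg.get_payload())
    for href, text in parser.links:
        url = urlsplit(href)
        if not on_domain(url.hostname, allowed):  # link leaves the brand's domains
            findings.append(("off-brand-link", f"{text} -> {url.hostname}"))
        if url.scheme != "https":  # no TLS, so no certificate to warn about
            findings.append(("no-tls", href))
    return findings

# Constructed sample: addresses and URLs are placeholders; the allowlist below is an assumption.
SAMPLE = """From: Santander <helpdesk@mail.example.edu>
Content-Type: text/html

<a href="http://shop.example.it/s/login.php">Verify now</a> <a href="https://www.santander.co.uk/help">Contact us</a>
"""
if __name__ == "__main__":
    print(triage(SAMPLE, "Santander", {"santander.co.uk"}))
```

The suffix match in `on_domain` requires a leading dot, so a lookalike host such as `santander.co.uk.example.it` is still flagged.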