Santander: Important Update about your account - spam!
We have seen this email over the weekend. The email us a standard looking Santander email but obviously it tries the age-old trick of pretending someone has tried to break into your account. Fear combined with shock intending to make you act before you think. As usual, the sender email address is completely irrelevant, in this case an EDU suffix.
From: Santander <email@example.com>
Sent: Sunday, December 3, 2017 8:37 AM
Subject: Important Update about your account
If you are having trouble viewing this message, please click here.
E-mail Security Information.
Your security is our priority
We recently reviewed your account, and we suspect an unauthorized transaction .
Therefore as a preventive measure we will temporary limit your access to sensitive Santander Online features.
To ensure that your account is not compromised, please log in to your Santander Online and verify your identity to prevent deactivation.
Please use the hyperlink below to login to our secure Santander account Online from Step 1 of 3 to verify your accounts.
Verify now »
Thank you for choosing Santander,
The Santander Online Banking Help Team.
Keep your account information up-to-date. In the event of fraudulent or unusual activity, we'll need to know the best way to reach you. Log in to your account or click to Update now »
Anyway let's have a look at what this one does so as to be ready for future emails phishing:
The email looks reasonable enough...
It has all of the hallmarks of a legitimate email:
The 'Verify now' button links, also to:
And when visited we see the following:
Once again, very close to the real thing, and has no certificate errors, but this is because it is not a secure site. I am currently using Microsoft Edge in this case and so will report this site:
I click on the three dots in the top right-hand corner:
I now choose 'Send feedback'
Now I click 'report unsafe site" and choose 'phishing' as that is obviously what this site is.
Once reported we receive a confirmation that the site will be analysed, but please feel free to report this one your self as it will speed up the closing of the site.