Scammers target Barclays iBank users who have not updated their Internet Explorer browser with this phishing scam...

This spoof Barclays iBank email (see image below) is in HTML format with a disguised link which leads you to bogus Barclays iBank web pages. The email appears to be in text only format, but this is done to add a sense of authenticity to the link text, which implies that it will lead to a genuine Barclays iBank page. It will not.

The link and following bogus pages (see images below) are coded to open the bogus content with a spoofed URL - this is to exploit a vulberability that existed in Internet Explorer browsers until early February when Microsoft issued a patch (use the links on the right to check your browser). This enabled scammers to display bogus web pages with a genuine URL. Please run Windows Update to ensure that your Internet Explorer browser has the latest fix.

We've included snapshots of the first two pages of the bogus content, and information submitted into any of these pages will be sent to the scammers using PHP script. You'll notice in the report summary that two different URLs are in use, the first URL is the first page that the link in the email leads to and is a Russian domain - scripting is employed in that page to open the bogus web pages shown below. The second belongs to the bogus web pages (see below) and this URL resolves to Affinity Internet Inc. in the US.

Whilst the use of two different URLs is unusual, we expect that this method has been employed to enable the scammers to move the bogus content to different locations very quickly while maintaining the first page which opens them, thereby making it much easier to move the forged content around the internet as service providers and hosts remove them. We expect to see this spoof in distribution for a while but with differing URLs over the coming days.

As you will see by the snapshots below, the bogus pages look very real, and with a spoofed URL, an unsuspecting user really wouldn't know the difference (use the Spoof URL Checker link on the right to test for this in a web page). The only way to prevent mass victims is to build awareness, and you can do your part in this by letting your friends, colleagues and anyone you know uses email know about it (including a signature with a link to this page in your emails is an excellent way to achieve this).

If you have received this email, please remember that it is very common for these email scams to be redistributed at a later date with only slightly different content or the same but with the fake page(s) hosted by a different provider. Also, once you have received one of these hoaxes, it is also common place to receive at least another one and usually a day or two after the first, although not necessarily from the same apparent sender.

The Spoof Email ...

The first bogus Barclays iBank page ...

... and the second bogus web page ...