Browse archive

Latest news

Experts highlight top data breach vulnerabilities

Review: Logging and Log Management

Commission wants to minimize U.S. IP theft economic impact

NYPD detective accused of hiring email hackers

Why BYOx is the next big concern of CISOs

Free tool repairs critical Windows configuration vulnerabilities

Guantanamo cuts off Wi-Fi access due to OpGTMO

IT pros focus on cloud security, not hype

Blue Coat to acquire Solera Networks

APT1 is back, attacks many of the initial U.S. corporate targets

Aurora attackers were looking for Google's surveillance database

U.S. DOJ accuses journalist of espionage

Find TrueCrypt and BitLocker encrypted containers and images

The CSO perspective on healthcare security and compliance

Hacking charge stations for electric cars

Phishing email targets Santander clients

Posted on 30 April 2012.

Customers of Santander, one of the largest banking groups in the world, are currently being targeted with a phishing email masquerading as a bogus notification of a scheduled software upgrade:

Subject: Santander Online Banking Notice

Dear Valued Customer,

Santander Online Banking technical services department is carrying out a scheduled software upgrade to improve the quality of services for the bank's customers. Please upgrade immediately by clicking on this link below:

Secure Sign-In Access

Thank you for your prompt attention to this matter.

Regards,
Security Department

According to Hoax-Slayer, the offered link takes users to a spoofed Santander online banking website, where they are asked to enter their ID, passcode, customer PIN, mobile number, landline number and data of birth.

Having done that, the site requests for them to set up three security questions and answers, which will, of course, be misused by the phishers to gain access to the users' account.

In the end, the users are redirected to the legitimate website of Santander's UK branch in order to maintain the illusion that nothing out of the ordinary happened.