I generally don’t look twice at the shed-load of phising emails I get every day but one I got today caught my attention for being extra devious.

On a visual level it was nothing special, it had the Barklays logo and style etc down perfectly as is the norm, what got me about it was the content. Usually the emails pretend to be from the admins and ask you to log in to verify your details or you won’t be able to use your account. This one is different in that it tells you that some random address has been added to your account and gives you a link to un-do this change. I have a feeling this one will catch quite a few people out. As usual an inspection of the URL the link goes to gives the game away, it is not going to the Barkleys domain but to 160.red-217-125-59.staticip.rima-tde.net, which whois tells me is in Madrid. Howerver, they have again been devious because the location on that server is /.online/ibank.barclays.co.uk/ so if you lust look at the end of the URL you see barklays.co.uk which is again a devious twist. The criminals behind this one are thinking and I fear they will manage to defraud a lot of people.

Below is a screenshot of the email: