Does Not Compute

I got this email (excerpt) from Santander yesterday.

Spot the deliberate mistake?

Neil

Santander will never send you an e-mail asking you to click on a link, or to enter, reconfirm or change your security or card details. We will never ask you to tell us your passwords by e-mail or over the phone.

If you think you may have revealed your security details in any way, please call us immediately on 0800 9 123 123.

You can also help Santander by forwarding any Phishing email you receive to:

[email protected]

Edited By Neil Wyatt on 01/06/2019 21:51:23

Yes HaHa. Better not click on it.

Edited By V8Eng on 01/06/2019 23:13:52

Edited By V8Eng on 01/06/2019 23:21:39

I had a Santander phishing email a few weeks ago. Called into a branch and showed to staff on my phone. They were totally disinterested.

I tried clicking the link but it doesn't work

.

Here's why:

https://www.model-engineer.co.uk/forums/mailto%3Cimg%20src=

MichaelG.

Have to be so careful these days. I unplugged my home phone and just use the line for internet saves on a lot of junk calls. But mobiles create their own problems, especially when the scammers can clone genuine numbers.

Reminds me of an old police adage the A B C of investigators;

Accept nothing, Believe no one, Check everything....Mick

I rather thought the error was: Santander saying they would not send an e-mail asking you to click on a link but then went on to include a clickable link at the end.

perhaps Neil can tell us now.

Edited By V8Eng on 02/06/2019 09:03:48

.

Yes, of course ... but we cannot check to see whether the link was valid or spoofed, because Neil's pasting of the message has inserted the address that I posted for David's benefit.

MichaelG.

Indeed. The irony being that it was an automated email generate when I sent them a secure message.

Even more ironic as (bear with me):

1 - The secure message system asks for an email to send the acknowledgement, notification of a reply etc.

2 - It won't accept my work email address because the top level domain fails their verification even though it's been valid for five years. I have previously asked them to fix this.

3 - So I have to enter my old email address.

4 - It sends the emails to my work email address anyway...

Santander's IT department? First up against the wall...

Neil

WI love this type of system (not) one of the recent automated oddities was when I reported a phishing email to one of the organisations.

I got a reply thanking me for reporting the suspect website that I had visited!

Edited By V8Eng on 02/06/2019 10:09:43

Edited By V8Eng on 02/06/2019 10:20:06

Some mail clients look for plain text email addresses and turn them in to links. That address may have been entered as plain text. You can always re-type the address to avoid the risk of an obfuscated dangerous link.

No, it was a live link.

Sorry, I'm confused (as usual).

Just logged in to the secure santander website and I see this message on the log in page:

The correct contact number is quoted

What am I missing?

Edited By FMES on 02/06/2019 10:29:40

This is not a mobile issue. It is very easy for an automated calling system to spoof the caller ID, whether calling a mobile or fixed number.

I received a phone call the other day from my bank, when I asked them to prove it they said we don't have to as we are your bank! At which point I suggested they put the phone where the sum doesn't shine! The then sent me a letter asking me to ring them!

A couple of years back I got a call from my local bank branch.
As a security validation I asked if I could call back. The answer was no, we have no facilities to call a branch direct. Also if I called their call centre there was no way to redirect the call to the branch.....

Had the same responce from TSB got that 'what do you exspect me to do about it' !

H

Getting back to the original theme ...

I still don't get this. A construction such as [email protected] in the text of an email is simply a request to your email client to open up a new email window with that address and is not inherently dangerous since you can bail out at that point.

It (perhaps) could be dangerous if the sender has attached a hidden IP link to it (if that's even possible) and the user clicks on it unawares but I suspect most decent email clients would recognise the dichotomy and barf.

So was there a hidden IP link?

Edited By Bandersnatch on 02/06/2019 17:06:50

OK. having done some experimenting on my own system, I get it now.

(forgot about "mailto:"  )

Edited By Bandersnatch on 02/06/2019 17:38:03

I can't see anything wrong with the address "Santander.co.uk", and the "phishing@" is just a department.