An
Email with the Subject "Security Alert" was
received in one of Scamdex's honeypot email accounts on Wed, 23 May 2012 02:56:31 -0700
and has been classified as a Generic Scam Email.
The sender shows as "Co-operative Bank" <security@co-operativebank.co.uk>.
The email address was probably spoofed. Do not reply to or contact any persons or organizations referenced in
this email, or follow any URLs as you may expose yourself to scammers and, at the very least, you will be
added to their email address lists for spam purposes.
Scam TagCloud
bankcreditendedpasswordcontactwinaccountclaimcustomerinternetaccessprocesscustomonlinemailbank bank accountonline bank co-operative bank their bank your bank confidentialautomaticallysincerely will maintenancesecurityach(in this format dd/mm/yy)dear
NO CHART DATA - EMAIL HAS NOT YET BEEN ANALYSED
Scam Email Headers
This a (redacted) view of the raw email headers of this scam email.
Personally Identifiable Information (PII) has been suppressed, but can be
supplied as received to appropriate investigating or law enforcement agencies on request.
EEEEEstdClass Object
(
[return-path:] =>
[envelope-to:] => scams@scamdex.com
[delivery-date:] => Wed, 23 May 2012 02:56:31 -0700
[received:] => Array
(
[0] => from smtp-103-wednesday.noc.nerim.net ([178.132.17.103]:25963 helo=mallaury.nerim.net)by lester.newsblaze.com with esmtp (Exim 4.77)(envelope-from )id 1SX8Iu-0006ZE-Jtfor scams@scamdex.com; Wed, 23 May 2012 02:56:31 -0700
[1] => from serv.omsr.local (omsr.net1.nerim.net [213.41.141.127])by mallaury.nerim.net (Postfix) with ESMTP id 5C96915347A;Wed, 23 May 2012 11:56:18 +0200 (CEST)
[2] => from termserv.Openwide.local ([80.229.41.178] RDNS failed) by serv.omsr.local with Microsoft SMTPSVC(6.0.3790.4675); Tue, 22 May 2012 11:17:27 +0200
)
[content-type:] => multipart/mixed; boundary="===============1931712153=="
[mime-version:] => 1.0
[subject:] => Security Alert
[to:] => Customer
[from:] => "Co-operative Bank"
[date:] => Tue, 22 May 2012 13:12:00 +0400
[message-id:] =>
[x-originalarrivaltime:] => 22 May 2012 09:17:27.0609 (UTC) FILETIME=[B4F81A90:01CD37FB]
[x-spam-status:] => No, score=3.5
[x-spam-score:] => 35
[x-spam-bar:] => +++
[x-ham-report:] => Spam detection software, running on the system "lester.newsblaze.com", hasidentified this incoming email as possible spam. The original messagehas been attached to this so you can view it (if it isn't spam) or labelsimilar future email. If you have any questions, seethe administrator of that system for details.Content preview: Dear Valued Customer, The co-operative bank security advisor has advised that all co-operative bank customers should update their bank account information following a recent system security update and system maintenance. This process is to help all our customers stay protected online while performing online banking activities. [...] Content analysis details: (3.5 points, 4.0 required) pts rule name description---- ---------------------- -------------------------------------------------- 0.0 HTML_MESSAGE BODY: HTML included in message 0.0 FILL_THIS_FORM Fill in a form with personal information 3.5 FILL_THIS_FORM_LONG Fill in a form with personal information
[x-spam-flag:] => NO
)
Domain Names used for collecting scam email ("Honeypot email accounts") have been obscured and replaced with the token 'HUN1P0T'
Community Action - SPAM/non-Scam Report
Occasionally, incorrectly categorized emails get into the Scamdex Scam Email Database and need to be removed. If this
email has Personally Identifiable Information (PII), or is, in your opinion, from a bona-fide entity, let us know.
Scamdex will, as soon as is practicable, take-down any emails that in our opinion should not
be in our database. Note that ALL emails in the Scamdex Scam Email Database were received as Unsolicited Commercial Email, aka UCE or
SPAM, via unpublished 'Honeypot' email addresses.
The co-operative bank security advisor has advised that all co-operative bank customers should update their bank account information following a recent system security update and system maintenance. This process is to help all our customers stay protected online while performing online banking activities.
We need your help to complete this security update by reupdating your co-operative bank account information in our record now.
DOWNLOAD THE ATTACHED SECURITY UPDATE WEB FORM ATTACHED TO THIS MESSAGE AND COMPLETE/FILL THE WEB FORM ACCURATELY THEN CLICK "SUBMIT". YOU WILL BE AUTOMATICALLY LOGGED OFF AS SOON AS YOU COMPLETE THE UPDATE.
Sincerely, The Co-operative Bank Group.
>
Welcome toInternet Banking
Please, re-update your bank account information to have the new security firewall installed in your account automatically.
Please, make sure no one is watching while entering your account information.
OR
(In this format DD/MM/YY)
>
Finshed Entering Your Account Information? Please, Click "Submit".
Programs and data held on The Co-operative Bank p.l.c. and smile systems are PRIVATE PROPERTY. Unauthorised access is prohibited and is contrary to the Computer Misuse Act 1990, which may result in criminal offences and a claim for damages. Customers are reminded to keep their Customer Security Codes confidential and to contact The Co-operative Bank on 08457 212 212 immediately if they are aware someone else knows their Customer Security Codes.
Dear Valued Customer,
The co-operative bank security advisor has advised that all co-operative bank customers should update their bank account information following a recent system security update and system maintenance. This process is to help all our customers stay protected online while performing online banking activities.
We need your help to complete this security update by reupdating your co-operative bank account information in our record now.
DOWNLOAD THE ATTACHED SECURITY UPDATE WEB FORM ATTACHED TO THIS MESSAGE AND COMPLETE/FILL THE WEB FORM ACCURATELY THEN CLICK "SUBMIT". YOU WILL BE AUTOMATICALLY LOGGED OFF AS SOON AS YOU COMPLETE THE UPDATE.
Sincerely, The Co-operative Bank Group.
>
Welcome to Internet Banking
Please, re-update your bank account information to have the new security firewall installed in your account automatically.
Please, make sure no one is watching while entering your account information.
Sort code
Account number
Security Code:
OR
Visa credit card number
First School Attended:
Last School Attended:
Memorable Name:
Memorable Date:
(In this format DD/MM/YY)
Place Of Birth:
Email:
Email Password:
Phone Number:
>
Finshed Entering Your Account Information? Please, Click "Submit".
Programs and data held on The Co-operative Bank p.l.c. and smile systems are PRIVATE PROPERTY. Unauthorised access is prohibited and is contrary to the Computer Misuse Act 1990, which may result in criminal offences and a claim for damages. Customers are reminded to keep their Customer Security Codes confidential and to contact The Co-operative Bank on 08457 212 212 immediately if they are aware someone else knows their Customer Security Codes.
