Barclays ‘New Secure Document’ Phishing Scam [Explained]

Photo of author

Written by: Stelian Pilici

Published on:

Scams and phishing attempts have become increasingly sophisticated in recent years, with cybercriminals constantly finding new ways to deceive unsuspecting victims. One such scam that has been making the rounds is the Barclays ‘New Secure Document’ phishing scam. This article aims to provide a detailed overview of this scam, including what it is, how it works, what to do if you have fallen victim, technical details, and statistics to support the points made.

Scams

What is the Barclays ‘New Secure Document’ Phishing Scam?

The Barclays ‘New Secure Document’ phishing scam is an attempt by cybercriminals to trick Barclays bank customers into revealing their personal and financial information. The scam typically involves sending an email or text message to the victim, claiming that they have a new secure document waiting for them to review. The message often appears to be from Barclays, complete with the bank’s logo and branding, making it look legitimate.

Once the victim clicks on the link provided in the message, they are directed to a fake website that closely resembles the official Barclays website. The website prompts the victim to enter their login credentials, including their username and password. In some cases, the scam may also ask for additional personal information, such as their full name, address, date of birth, and social security number.

How Does the Scam Work?

The Barclays ‘New Secure Document’ phishing scam works by exploiting the trust that customers have in their bank. The cybercriminals behind the scam carefully craft the email or text message to appear legitimate, using official logos, branding, and language that mimics Barclays’ communication style. This makes it difficult for victims to distinguish between a genuine message from the bank and a phishing attempt.

Once the victim clicks on the link in the message and enters their login credentials on the fake website, the cybercriminals gain access to their account. They can then use this information to carry out various fraudulent activities, such as making unauthorized transactions, stealing funds, or even selling the victim’s personal information on the dark web.

What to Do If You Have Fallen Victim?

If you have fallen victim to the Barclays ‘New Secure Document’ phishing scam, it is crucial to take immediate action to minimize the potential damage. Here are the steps you should follow:

  1. Contact Barclays: Notify Barclays bank immediately about the scam and provide them with all the relevant details. They will be able to guide you on the necessary steps to secure your account and prevent any further unauthorized access.
  2. Change Your Password: As a precautionary measure, change your Barclays online banking password and any other passwords associated with your financial accounts. Choose a strong, unique password that includes a combination of letters, numbers, and special characters.
  3. Monitor Your Accounts: Regularly monitor your bank accounts, credit cards, and other financial accounts for any suspicious activity. If you notice any unauthorized transactions or unusual behavior, report it to your bank immediately.
  4. Scan for Malware: Run a scan with Malwarebytes Free or any reputable antivirus software to check for any malware or keyloggers that may have been installed on your device.
  5. Enable Two-Factor Authentication: Enable two-factor authentication (2FA) for your Barclays online banking account and any other accounts that offer this additional security feature. 2FA adds an extra layer of protection by requiring a second form of verification, such as a unique code sent to your mobile device, in addition to your password.

Technical Details of the Scam

The Barclays ‘New Secure Document’ phishing scam typically relies on social engineering techniques to deceive victims. The cybercriminals carefully craft the email or text message to appear legitimate, often using official logos, branding, and language that mimics Barclays’ communication style. They may also use URL spoofing techniques to create a fake website that closely resembles the official Barclays website.

URL spoofing involves creating a website with a domain name that looks similar to the legitimate website. For example, the scam website may use a domain name like “barclays-security.com” instead of the genuine “barclays.co.uk.” This can trick victims into thinking they are on the official website when, in fact, they are on a fake one.

Additionally, the cybercriminals may use email spoofing techniques to make the message appear as if it is coming from a legitimate Barclays email address. They can manipulate the email headers to make it seem like the message originated from a trusted source, further increasing the chances of the victim falling for the scam.

Statistics on Phishing Scams

Phishing scams, including the Barclays ‘New Secure Document’ phishing scam, continue to be a significant threat to individuals and organizations worldwide. Here are some statistics that highlight the scale of the problem:

  • According to the Anti-Phishing Working Group (APWG), there were over 241,324 unique phishing attacks reported in the first quarter of 2023 alone.
  • In a survey conducted by Verizon, it was found that 30% of phishing emails are opened by the targeted individuals.
  • The average cost of a successful phishing attack for a medium-sized company is estimated to be $1.6 million, according to a report by IBM.
  • Phishing attacks are responsible for 90% of data breaches, as reported by the cybersecurity firm Cybint.

Summary

The Barclays ‘New Secure Document’ phishing scam is a sophisticated attempt by cybercriminals to deceive Barclays bank customers and steal their personal and financial information. By impersonating the bank and creating a fake website, the scammers trick victims into revealing their login credentials and other sensitive details. If you have fallen victim to this scam, it is crucial to take immediate action by contacting Barclays, changing your passwords, monitoring your accounts, and scanning for malware. Phishing scams like this continue to be a significant threat, and it is essential to stay vigilant and educate yourself about the latest techniques used by cybercriminals.

How to Stay Safe Online

Here are 10 basic security tips to help you avoid malware and protect your device:

  1. Use a good antivirus and keep it up-to-date.

    Shield Guide

    It's essential to use a good quality antivirus and keep it up-to-date to stay ahead of the latest cyber threats. We are huge fans of Malwarebytes Premium and use it on all of our devices, including Windows and Mac computers as well as our mobile devices. Malwarebytes sits beside your traditional antivirus, filling in any gaps in its defenses, and providing extra protection against sneakier security threats.

  2. Keep software and operating systems up-to-date.

    updates-guide

    Keep your operating system and apps up to date. Whenever an update is released for your device, download and install it right away. These updates often include security fixes, vulnerability patches, and other necessary maintenance.

  3. Be careful when installing programs and apps.

    install guide

    Pay close attention to installation screens and license agreements when installing software. Custom or advanced installation options will often disclose any third-party software that is also being installed. Take great care in every stage of the process and make sure you know what it is you're agreeing to before you click "Next."

  4. Install an ad blocker.

    Ad Blocker

    Use a browser-based content blocker, like AdGuard. Content blockers help stop malicious ads, Trojans, phishing, and other undesirable content that an antivirus product alone may not stop.

  5. Be careful what you download.

    Trojan Horse

    A top goal of cybercriminals is to trick you into downloading malware—programs or apps that carry malware or try to steal information. This malware can be disguised as an app: anything from a popular game to something that checks traffic or the weather.

  6. Be alert for people trying to trick you.

    warning sign

    Whether it's your email, phone, messenger, or other applications, always be alert and on guard for someone trying to trick you into clicking on links or replying to messages. Remember that it's easy to spoof phone numbers, so a familiar name or number doesn't make messages more trustworthy.

  7. Back up your data.

    backup sign

    Back up your data frequently and check that your backup data can be restored. You can do this manually on an external HDD/USB stick, or automatically using backup software. This is also the best way to counter ransomware. Never connect the backup drive to a computer if you suspect that the computer is infected with malware.

  8. Choose strong passwords.

    lock sign

    Use strong and unique passwords for each of your accounts. Avoid using personal information or easily guessable words in your passwords. Enable two-factor authentication (2FA) on your accounts whenever possible.

  9. Be careful where you click.

    cursor sign

    Be cautious when clicking on links or downloading attachments from unknown sources. These could potentially contain malware or phishing scams.

  10. Don't use pirated software.

    Shady Guide

    Avoid using Peer-to-Peer (P2P) file-sharing programs, keygens, cracks, and other pirated software that can often compromise your data, privacy, or both.

To avoid potential dangers on the internet, it's important to follow these 10 basic safety rules. By doing so, you can protect yourself from many of the unpleasant surprises that can arise when using the web.

Previous

PayPal ‘Credit Card Removed’ Phishing Scam [Explained]

Next

CSCDLL.dll: What It Is & Should I Remove It?