glasgowcyclist
I received a phishing text about an hour ago.
The text was simple and not overly alarming but something was wrong with the link given which, at first glance, seemed legit.
(I’ve edited the original so as not to lead to the phishing scam.)
“[BANKNAME]: We have noticed unusual activity on your account.
To prevent a block being placed please visit https://[bankname].co.uk-authentic-review.support”
Substitute [BANKNAME] with Santander and you can see how convincing the original is. Not banking with Santander, I knew it was a scam but the apparently genuine domain name had me stumped for a second until I realised the formatting after “.co.uk” was wrong. It was using - instead of / as a separator and, crucially, ended with “.support”. This is clever use of the TLD .support to fool people.
What they’ve done is register the domain name https://uk-authentic-review.support and then create a subdomain of “bankname.co.” to tack on to the front of it that then gives the full, deceptive string as shown in the text I received.
I’ve forwarded it to 7726 and thought I’d post it here in case members get it or have relatives who may be susceptible to clicking on it unquestioningly. I guess they will have a variety of bank names they’ll pretend to be so don’t assume it’s only affecting Santander customers.
Stay alert!
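The check described in the post, as an added Python example that is not part of the original post: it works out which domain was actually registered and flags a link whose host only starts with a trusted name. `PUBLIC_SUFFIXES` is a tiny constructed stand-in for the Public Suffix List, `TRUSTED_DOMAINS` uses the post's placeholder bank name, and the function names are hypothetical.

```python
from urllib.parse import urlsplit

# Assumption: tiny constructed stand-in for the Public Suffix List.
PUBLIC_SUFFIXES = {"uk", "co.uk", "com", "support"}
# Assumption: placeholder for the domains the recipient really uses.
TRUSTED_DOMAINS = {"bankname.co.uk"}


def registrable_domain(host):
    """Return the public suffix plus one label: the name somebody registered."""
    labels = host.lower().rstrip(".").split(".")
    # Try the longest candidate suffix first, then shorter ones.
    for i in range(len(labels)):
        if ".".join(labels[i:]) in PUBLIC_SUFFIXES:
            if i == 0:
                return None  # the host is a bare public suffix
            return ".".join(labels[i - 1:])
    # Unknown suffix: fall back to the last two labels.
    return ".".join(labels[-2:]) if len(labels) >= 2 else None


def check_link(url):
    """Classify a link as 'trusted', 'lookalike' or 'unknown'."""
    host = urlsplit(url).hostname or ""
    reg = registrable_domain(host)
    if reg in TRUSTED_DOMAINS:
        return ("trusted", reg)
    # A trusted name sitting in front of a different registered domain
    # is the pattern from the text message: labels to the left of the
    # registered domain are chosen freely by whoever owns it.
    for trusted in TRUSTED_DOMAINS:
        if host.startswith(trusted) or ("." + trusted) in host:
            return ("lookalike", reg)
    return ("unknown", reg)


if __name__ == "__main__":
    # Constructed sample links based on the edited text in the post.
    for link in ("https://bankname.co.uk-authentic-review.support",
                 "https://bankname.co.uk/authentic-review"):
        print(link, "->", check_link(link))
```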