cancel
Showing results for 
Search instead for 
Did you mean: 

Spam from "Santander"

Gel
Seasoned Pro
Posts: 1,501
Thanks: 154
Fixes: 12
Registered: 02-08-2007

Spam from "Santander"

I've had 3 e mails get through entitled "Important message from Santander Group",
which are clearly spam; why's the filter failing.
Have sent 2 on as attachment to Plus Net Spam Training but just received another:
Here are headers
"Return-path: <securityalert@santander.co.uk>
Envelope-to: @xxxxxxx.plus.com
Delivery-date: Thu, 25 Aug 2011 15:01:57 +0100
Received: from [212.159.7.34] (helo=mx.ptn-ipin02.plus.net)
  by inmx20.plus.net with esmtp (PlusNet MXCore v2.00) id 1QwaVI-000859-VI
  for @xxxxxx.plus.com; Thu, 25 Aug 2011 15:01:57 +0100
Received-SPF: None identity=pra; client-ip=72.167.234.226;
  receiver=mx.ptn-ipin02.plus.net;
  envelope-from="securityalert@santander.co.uk";
  x-sender="securityalert@santander.co.uk";
  x-conformance=sidf_compatible
Received-SPF: None identity=mailfrom; client-ip=72.167.234.226;
  receiver=mx.ptn-ipin02.plus.net;
  envelope-from="securityalert@santander.co.uk";
  x-sender="securityalert@santander.co.uk";
  x-conformance=sidf_compatible
Received-SPF: None identity=helo; client-ip=72.167.234.226;
  receiver=mx.ptn-ipin02.plus.net;
  envelope-from="securityalert@santander.co.uk";
  x-sender="postmaster@p3nlsmtp02.shr.prod.phx3.secureserver.net";
  x-conformance=sidf_compatible
X-SBRS: 0.4
X-IronPort-AV: E=McAfee;i="5400,1158,6448"; a="218773291"
X-IronPort-AV: E=Sophos;i="4.68,281,1312153200";
  d="html'217?scan'217,208,217";a="218773291"
Received: from p3nlsmtp02.shr.prod.phx3.secureserver.net ([72.167.234.226])
  by mx.ptn-ipin02.plus.net with SMTP; 25 Aug 2011 15:01:39 +0100
Received: (qmail 19240 invoked from network); 25 Aug 2011 13:16:26 -0000
Received: from unknown (HELO p3nlhftpg078.shr.prod.phx3.secureserver.net) ([184.168.193.94])
          (envelope-sender <securityalert@santander.co.uk>)
          by p3nlsmtp02.shr.prod.phx3.secureserver.net (qmail-ldap-1.03) with SMTP
          for <g@free-online.net>; 25 Aug 2011 13:16:25 -0000
Received: from User (p3nlhftpg078.shr.prod.phx3.secureserver.net [184.168.193.94])
by p3nlhftpg078.shr.prod.phx3.secureserver.net (8.13.8/8.12.11) with SMTP id p7ONYcxv031304;
Wed, 24 Aug 2011 16:35:34 -0700
Message-Id: <201108242335.p7ONYcxv031304@p3nlhftpg078.shr.prod.phx3.secureserver.net>
From: "Santander Bank Plc."<securityalert@santander.co.uk>
Date: Thu, 25 Aug 2011 08:35:33 +0900
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="----=_NextPart_000_00F3_01C2A9A6.4CA8F2A0"
Some sort of attachment with it too. e mail size 255kb
8 REPLIES
Plusnet Help Team
Plusnet Help Team
Posts: 13,122
Thanks: 160
Fixes: 55
Registered: 27-04-2007

Re: Spam from "Santander"

How are you so certain this is really spam? The e-mails could be from a legitimate source.
To be safe rather than sorry I've checked your spam filter settings and can see that it is set appropriately and on a reasonably high level at the moment so I'd be questioning the nature of the message and if it is really spam.
Adam
If this post resolved your issue please click the 'This fixed my problem' button
 Adam Walker
 Plusnet Help Team
Gel
Seasoned Pro
Posts: 1,501
Thanks: 154
Fixes: 12
Registered: 02-08-2007

Re: Spam from "Santander"

Don't bank with them so that's first clue!
And Financial institutions never send e mails asking for such sensitive data.
eg from Santander www
EMAIL SCAMS and FAKE WEBSITES
1.         Santander will never send you an email asking to confirm security questions or update your information.

I've sent to their phishing address too.Just had another in same vein purporting to be from Halifax on line banking:
Subject title account restricting is being carried out
Not native English speaker me thinks!
Has a suspicious "Halifax Update Form" attached; html format.
Neither of these e mails bore any logos of Banks like many phishing e mails.
Neither had me appearing in TO line.
I assume many others have had these, and am concerned that less savvvy, who did bank with
them, have out of date virus prog/ firewall etc, may open form, divulge what they shouldn't.
If you give me your e mail Adam, I can send on as attachments.
I have pdf'd the attachments; want to know everything bar inside leg!
The Santander has very similar tone (to Halifax) so may be from same source as arriving at
similar time, and is a scam.
updateBoth come from same IP 184.168.193.94 Angry
pierre_pierre
Grafter
Posts: 19,757
Registered: 30-07-2007

Re: Spam from "Santander"

IP address:
184.168.193.94
Server Location:
Scottsdale, AZ in United States
ISP:
GoDaddy.com
Gel
Seasoned Pro
Posts: 1,501
Thanks: 154
Fixes: 12
Registered: 02-08-2007

Re: Spam from "Santander"

Yes saw that.
I'll send Sheriff Joe in

Nice kit he makes his prisoners wear!
PS
Just had another arrive in my Inbox from Santander/Abbey my ar*e!
Anyone else seeing em?
pierre_pierre
Grafter
Posts: 19,757
Registered: 30-07-2007

Re: Spam from "Santander"

only ones recently have been Halifax,and I dont bank with them, they are marked as spam
Superuser
Superuser
Posts: 9,465
Thanks: 816
Fixes: 52
Registered: 06-04-2007

Re: Spam from "Santander"

I've had several from "Lloyds Bank" recently (who I don't bank with), but those went to a non-Plusnet e-mail address.
David
koldham
Newbie
Posts: 1
Registered: 27-08-2011

Re: Spam from "Santander"

Just had similar from Halifax (subject : account restricting is being carried out)  containing a form asking for the Earth &  its password.
antiquebrit
Grafter
Posts: 76
Registered: 09-12-2009

Re: Spam from "Santander"

I have been receiving scam emails from Halifax, Lloyds and Santander for quite a while, none of with which I bank.  I have been forwarding them on to email@actionfraud.org.uk . Action Fraud forwards the emails to the National Fraud Intelligence Bureau which is run by the City of London Police.  So far the number of scam mails have greatly decreased but not ceased entirely.
David