cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Spam from "Santander"

Gel
Aspiring Champion
Posts: 2,315
Thanks: 296
Fixes: 28
Registered: ‎02-08-2007

Spam from "Santander"

‎25-08-2011 3:14 PM

I've had 3 e mails get through entitled "Important message from Santander Group",
which are clearly spam; why's the filter failing.
Have sent 2 on as attachment to Plus Net Spam Training but just received another:
Here are headers
"Return-path: <securityalert@santander.co.uk>
Envelope-to: @xxxxxxx.plus.com
Delivery-date: Thu, 25 Aug 2011 15:01:57 +0100
Received: from [212.159.7.34] (helo=mx.ptn-ipin02.plus.net)
  by inmx20.plus.net with esmtp (PlusNet MXCore v2.00) id 1QwaVI-000859-VI
  for @xxxxxx.plus.com; Thu, 25 Aug 2011 15:01:57 +0100
Received-SPF: None identity=pra; client-ip=72.167.234.226;
  receiver=mx.ptn-ipin02.plus.net;
  envelope-from="securityalert@santander.co.uk";
  x-sender="securityalert@santander.co.uk";
  x-conformance=sidf_compatible
Received-SPF: None identity=mailfrom; client-ip=72.167.234.226;
  receiver=mx.ptn-ipin02.plus.net;
  envelope-from="securityalert@santander.co.uk";
  x-sender="securityalert@santander.co.uk";
  x-conformance=sidf_compatible
Received-SPF: None identity=helo; client-ip=72.167.234.226;
  receiver=mx.ptn-ipin02.plus.net;
  envelope-from="securityalert@santander.co.uk";
  x-sender="postmaster@p3nlsmtp02.shr.prod.phx3.secureserver.net";
  x-conformance=sidf_compatible
X-SBRS: 0.4
X-IronPort-AV: E=McAfee;i="5400,1158,6448"; a="218773291"
X-IronPort-AV: E=Sophos;i="4.68,281,1312153200";
  d="html'217?scan'217,208,217";a="218773291"
Received: from p3nlsmtp02.shr.prod.phx3.secureserver.net ([72.167.234.226])
  by mx.ptn-ipin02.plus.net with SMTP; 25 Aug 2011 15:01:39 +0100
Received: (qmail 19240 invoked from network); 25 Aug 2011 13:16:26 -0000
Received: from unknown (HELO p3nlhftpg078.shr.prod.phx3.secureserver.net) ([184.168.193.94])
          (envelope-sender <securityalert@santander.co.uk>)
          by p3nlsmtp02.shr.prod.phx3.secureserver.net (qmail-ldap-1.03) with SMTP
          for <g@free-online.net>; 25 Aug 2011 13:16:25 -0000
Received: from User (p3nlhftpg078.shr.prod.phx3.secureserver.net [184.168.193.94])
by p3nlhftpg078.shr.prod.phx3.secureserver.net (8.13.8/8.12.11) with SMTP id p7ONYcxv031304;
Wed, 24 Aug 2011 16:35:34 -0700
Message-Id: <201108242335.p7ONYcxv031304@p3nlhftpg078.shr.prod.phx3.secureserver.net>
From: "Santander Bank Plc."<securityalert@santander.co.uk>
Date: Thu, 25 Aug 2011 08:35:33 +0900
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="----=_NextPart_000_00F3_01C2A9A6.4CA8F2A0"
Some sort of attachment with it too. e mail size 255kb
Broadband Connection Troubleshooter

Contact/Chat : CHAT service often suspended though!
BT Wholesale Speed Test:
PN Network Status:
Land Line Connection_Troubleshooter:
Message 1 of 9
(8,127 Views)
0 Thanks
8 REPLIES 8
adamwalker
Plusnet Help Team
Plusnet Help Team
Posts: 16,784
Thanks: 857
Fixes: 217
Registered: ‎27-04-2007

Re: Spam from "Santander"

‎25-08-2011 3:28 PM

How are you so certain this is really spam? The e-mails could be from a legitimate source.
To be safe rather than sorry I've checked your spam filter settings and can see that it is set appropriately and on a reasonably high level at the moment so I'd be questioning the nature of the message and if it is really spam.
Adam
If this post resolved your issue please click the 'This fixed my problem' button
 Adam Walker
 Plusnet Help Team
Message 2 of 9
(1,036 Views)
0 Thanks
Gel
Aspiring Champion
Posts: 2,315
Thanks: 296
Fixes: 28
Registered: ‎02-08-2007

Re: Spam from "Santander"

‎25-08-2011 4:17 PM

Don't bank with them so that's first clue!
And Financial institutions never send e mails asking for such sensitive data.
eg from Santander www
EMAIL SCAMS and FAKE WEBSITES
1.         Santander will never send you an email asking to confirm security questions or update your information.
I've sent to their phishing address too.Just had another in same vein purporting to be from Halifax on line banking:
Subject title account restricting is being carried out
Not native English speaker me thinks!
Has a suspicious "Halifax Update Form" attached; html format.
Neither of these e mails bore any logos of Banks like many phishing e mails.
Neither had me appearing in TO line.
I assume many others have had these, and am concerned that less savvvy, who did bank with
them, have out of date virus prog/ firewall etc, may open form, divulge what they shouldn't.
If you give me your e mail Adam, I can send on as attachments.
I have pdf'd the attachments; want to know everything bar inside leg!
The Santander has very similar tone (to Halifax) so may be from same source as arriving at
similar time, and is a scam.
updateBoth come from same IP 184.168.193.94 Angry
Broadband Connection Troubleshooter

Contact/Chat : CHAT service often suspended though!
BT Wholesale Speed Test:
PN Network Status:
Land Line Connection_Troubleshooter:
Message 3 of 9
(1,036 Views)
0 Thanks
pierre_pierre
Grafter
Posts: 19,757
Registered: ‎30-07-2007

Re: Spam from "Santander"

‎25-08-2011 5:36 PM

IP address:
184.168.193.94
Server Location:
Scottsdale, AZ in United States
ISP:
GoDaddy.com
Message 4 of 9
(1,036 Views)
0 Thanks
Gel
Aspiring Champion
Posts: 2,315
Thanks: 296
Fixes: 28
Registered: ‎02-08-2007

Re: Spam from "Santander"

‎25-08-2011 5:56 PM

Yes saw that.
I'll send Sheriff Joe in

Nice kit he makes his prisoners wear!
PS
Just had another arrive in my Inbox from Santander/Abbey my ar*e!
Anyone else seeing em?
Broadband Connection Troubleshooter

Contact/Chat : CHAT service often suspended though!
BT Wholesale Speed Test:
PN Network Status:
Land Line Connection_Troubleshooter:
Message 5 of 9
(1,036 Views)
0 Thanks
pierre_pierre
Grafter
Posts: 19,757
Registered: ‎30-07-2007

Re: Spam from "Santander"

‎25-08-2011 6:59 PM

only ones recently have been Halifax,and I dont bank with them, they are marked as spam
Message 6 of 9
(1,036 Views)
0 Thanks
spraxyt
Aspiring Legend
Posts: 10,063
Thanks: 673
Fixes: 75
Registered: ‎06-04-2007

Re: Spam from "Santander"

‎26-08-2011 12:43 AM

I've had several from "Lloyds Bank" recently (who I don't bank with), but those went to a non-Plusnet e-mail address.
David
Message 7 of 9
(1,036 Views)
0 Thanks
koldham
Newbie
Posts: 1
Registered: ‎27-08-2011

Re: Spam from "Santander"

‎27-08-2011 3:08 PM

Just had similar from Halifax (subject : account restricting is being carried out)  containing a form asking for the Earth &  its password.
Message 8 of 9
(1,036 Views)
0 Thanks
antiquebrit
Grafter
Posts: 76
Registered: ‎09-12-2009

Re: Spam from "Santander"

‎30-08-2011 5:18 PM

I have been receiving scam emails from Halifax, Lloyds and Santander for quite a while, none of with which I bank.  I have been forwarding them on to email@actionfraud.org.uk . Action Fraud forwards the emails to the National Fraud Intelligence Bureau which is run by the City of London Police.  So far the number of scam mails have greatly decreased but not ceased entirely.
David
Message 9 of 9
(1,036 Views)
0 Thanks