Is SantanderUK compromised?
This morning I received a special spam, the kind that warrants a blog post.
It's interesting for several reasons:
- It has my name in the Subject Header
- It came through an address that I have only given to my bank
- It uses a clever old-school trick to avoid Bayesian filtering (text hidden with white fonts on a white background)
- It used Microsoft's delivery infrastructure (and therefore didn't have any problems with grey-listing)
- It uses 'sane' headers and no links (which tend to be a red flag for spam)
As a security professional, when I see that type of targeted spam, several questions spring to mind:
- Have they sold my details? If so, where did they get my consent from?
- If not, they must have been compromised. What else have they leaked? Do they even know?
I have sent them an email this morning, asking the questions above... and will update this post with their reply.
For the curious, here is a copy of the spam from Santander.
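
The white-on-white trick in the list above can be caught before the message reaches a Bayesian filter. The following is an added example, not code from the original post: the names `HiddenTextFinder` and `hidden_text_ratio` are hypothetical, the sample message is constructed, and it assumes a white page background, inline colour declarations only, and well-nested HTML.

```python
import re
from html.parser import HTMLParser

WHITE = {"white", "#fff", "#ffffff", "rgb(255,255,255)"}
VOID = {"br", "img", "hr", "meta", "input", "link"}  # tags with no end tag
# Match the 'color' property only, never 'background-color'.
COLOR_RE = re.compile(r"(?:^|;)\s*color\s*:\s*([^;]+)", re.I)

def normalise(value):
    return re.sub(r"\s+", "", value or "").lower().replace("!important", "")

class HiddenTextFinder(HTMLParser):
    """Splits text into white-coloured (hidden) and visible runs."""
    def __init__(self):
        super().__init__()
        self.stack = [False]  # is text hidden at each nesting level?
        self.hidden, self.visible = [], []

    def handle_starttag(self, tag, attrs):
        if tag in VOID:
            return
        a, colour = dict(attrs), None
        m = COLOR_RE.search(a.get("style") or "")
        if m:
            colour = normalise(m.group(1))
        elif tag == "font" and a.get("color"):
            colour = normalise(a["color"])
        # Inherit the parent's state unless this element sets its own colour.
        self.stack.append(self.stack[-1] if colour is None else colour in WHITE)

    def handle_endtag(self, tag):
        if tag not in VOID and len(self.stack) > 1:
            self.stack.pop()

    def handle_data(self, data):
        text = data.strip()
        if text:
            (self.hidden if self.stack[-1] else self.visible).append(text)

def hidden_text_ratio(html):
    """Return (hidden text runs, share of all text characters that are hidden)."""
    f = HiddenTextFinder()
    f.feed(html)
    f.close()
    h = sum(len(t) for t in f.hidden)
    v = sum(len(t) for t in f.visible)
    return f.hidden, (h / (h + v) if h + v else 0.0)

# Constructed sample body, not the message discussed in this post.
SAMPLE = ('<html><body><p>Dear customer, please see the attached statement.</p>'
          '<font color="#FFFFFF">weather garden holiday recipe meeting tuesday</font>'
          '<div style="font-size:1px; color: white">thanks regards family</div>'
          '</body></html>')
```

A mail filter can score or quarantine messages whose hidden share exceeds a threshold, and can pass only the visible text to the Bayesian classifier.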