The mkiv Supra Owners Club

Barclays On-line banking - possible virus?


Ryan.G


Hi All

Tonight I had to do some online banking and when going to my usual logon page I was brought to the page below. Went back onto the Barclays site through Google again and got the same page. I don't like the look of the questions it is asking and on my other laptop I get the normal page.

image

Anyone seen this before?

Thanks

Ryan


Dodgy as hell fella, and you say B/Card didn't want to know? Make sure you call them from a phone that has an itemised phone bill is the first thing I'm thinking...

 

Secondly, download Firefox (Google it), and try the site through that...


That's not what I am seeing and none of the links or security checks ask for that info. No secure site would ask for all that info in a single form.

 

Below is a pic of what you should see.

 

Try clearing your cache and temp files, then Ctrl-F5 the page.


Yh on my other laptop I get that fine


That pic is the only one that should come up when logging on with Barclays..

 

 

Telephone passcode for online banking should set the alarm bells ringing..


Just for curiosity's sake, when you're on that website open a command prompt and do a netstat?

 

Does your computer have any connections open to IP address 213.219.1.141?

 

I'm just wondering if you've got something diverting your DNS requests...

 

Oh and stop using IE! :p


I got this

 

Microsoft Windows XP [Version 5.1.2600]

(C) Copyright 1985-2001 Microsoft Corp.

 

D:\Documents and Settings\Ryan>netstat

 

Active Connections

 

Proto Local Address Foreign Address State

TCP ryan-ef83c9b973:1037 localhost:1038 ESTABLISHED

TCP ryan-ef83c9b973:1038 localhost:1037 ESTABLISHED

TCP ryan-ef83c9b973:1039 localhost:1040 ESTABLISHED

TCP ryan-ef83c9b973:1040 localhost:1039 ESTABLISHED

TCP ryan-ef83c9b973:1036 83.98.28.35:http CLOSE_WAIT

TCP ryan-ef83c9b973:2286 by1msg4276303.phx.gbl:1863 ESTABLISHED

TCP ryan-ef83c9b973:3078 by2msg1262119.mixer.edge.messenger.live.com:1863 ESTABLISHED

TCP ryan-ef83c9b973:3191 pop.daily.co.uk:imap ESTABLISHED

TCP ryan-ef83c9b973:3306 mkivsupra.titaninternet.co.uk:http TIME_WAIT

TCP ryan-ef83c9b973:3307 mkivsupra.titaninternet.co.uk:http TIME_WAIT

TCP ryan-ef83c9b973:3308 mkivsupra.titaninternet.co.uk:http TIME_WAIT

TCP ryan-ef83c9b973:3309 mkivsupra.titaninternet.co.uk:http TIME_WAIT

TCP ryan-ef83c9b973:3310 mkivsupra.titaninternet.co.uk:http TIME_WAIT

TCP ryan-ef83c9b973:3311 mkivsupra.titaninternet.co.uk:http TIME_WAIT

TCP ryan-ef83c9b973:3312 mkivsupra.titaninternet.co.uk:http TIME_WAIT

TCP ryan-ef83c9b973:3313 mkivsupra.titaninternet.co.uk:http TIME_WAIT

TCP ryan-ef83c9b973:3314 mkivsupra.titaninternet.co.uk:http TIME_WAIT

TCP ryan-ef83c9b973:3315 mkivsupra.titaninternet.co.uk:http TIME_WAIT

TCP ryan-ef83c9b973:3316 mkivsupra.titaninternet.co.uk:http TIME_WAIT

TCP ryan-ef83c9b973:3317 mkivsupra.titaninternet.co.uk:http TIME_WAIT

TCP ryan-ef83c9b973:3318 mkivsupra.titaninternet.co.uk:http TIME_WAIT

TCP ryan-ef83c9b973:3319 mkivsupra.titaninternet.co.uk:http TIME_WAIT

TCP ryan-ef83c9b973:3320 mkivsupra.titaninternet.co.uk:http TIME_WAIT

TCP ryan-ef83c9b973:3322 mkivsupra.titaninternet.co.uk:http TIME_WAIT

TCP ryan-ef83c9b973:3323 mkivsupra.titaninternet.co.uk:http TIME_WAIT

TCP ryan-ef83c9b973:3324 mkivsupra.titaninternet.co.uk:http TIME_WAIT

TCP ryan-ef83c9b973:3325 mkivsupra.titaninternet.co.uk:http TIME_WAIT

TCP ryan-ef83c9b973:3326 mkivsupra.titaninternet.co.uk:http TIME_WAIT

TCP ryan-ef83c9b973:3327 mkivsupra.titaninternet.co.uk:http TIME_WAIT

TCP ryan-ef83c9b973:3328 mkivsupra.titaninternet.co.uk:http TIME_WAIT

TCP ryan-ef83c9b973:3329 mkivsupra.titaninternet.co.uk:http TIME_WAIT

TCP ryan-ef83c9b973:3330 mkivsupra.titaninternet.co.uk:http TIME_WAIT

TCP ryan-ef83c9b973:3331 mkivsupra.titaninternet.co.uk:http TIME_WAIT

TCP ryan-ef83c9b973:3332 mkivsupra.titaninternet.co.uk:http TIME_WAIT

TCP ryan-ef83c9b973:3333 mkivsupra.titaninternet.co.uk:http TIME_WAIT

TCP ryan-ef83c9b973:3334 mkivsupra.titaninternet.co.uk:http TIME_WAIT

TCP ryan-ef83c9b973:3335 mkivsupra.titaninternet.co.uk:http TIME_WAIT

TCP ryan-ef83c9b973:3336 mkivsupra.titaninternet.co.uk:http TIME_WAIT

TCP ryan-ef83c9b973:3337 mkivsupra.titaninternet.co.uk:http TIME_WAIT

TCP ryan-ef83c9b973:3338 mkivsupra.titaninternet.co.uk:http TIME_WAIT

TCP ryan-ef83c9b973:3339 209.17.73.32:http TIME_WAIT

TCP ryan-ef83c9b973:3342 mkivsupra.titaninternet.co.uk:http TIME_WAIT

TCP ryan-ef83c9b973:3343 mkivsupra.titaninternet.co.uk:http TIME_WAIT

TCP ryan-ef83c9b973:3344 mkivsupra.titaninternet.co.uk:http TIME_WAIT

TCP ryan-ef83c9b973:3345 mkivsupra.titaninternet.co.uk:http TIME_WAIT

TCP ryan-ef83c9b973:3346 mkivsupra.titaninternet.co.uk:http TIME_WAIT

TCP ryan-ef83c9b973:3347 mkivsupra.titaninternet.co.uk:http TIME_WAIT

TCP ryan-ef83c9b973:3348 mkivsupra.titaninternet.co.uk:http TIME_WAIT

TCP ryan-ef83c9b973:3349 mkivsupra.titaninternet.co.uk:http TIME_WAIT

TCP ryan-ef83c9b973:3350 mkivsupra.titaninternet.co.uk:http TIME_WAIT

TCP ryan-ef83c9b973:3351 mkivsupra.titaninternet.co.uk:http TIME_WAIT

TCP ryan-ef83c9b973:3352 mkivsupra.titaninternet.co.uk:http TIME_WAIT

TCP ryan-ef83c9b973:3353 mkivsupra.titaninternet.co.uk:http TIME_WAIT

TCP ryan-ef83c9b973:3354 mkivsupra.titaninternet.co.uk:http TIME_WAIT

TCP ryan-ef83c9b973:3355 mkivsupra.titaninternet.co.uk:http TIME_WAIT

TCP ryan-ef83c9b973:3356 mkivsupra.titaninternet.co.uk:http TIME_WAIT

TCP ryan-ef83c9b973:3357 mkivsupra.titaninternet.co.uk:http TIME_WAIT

TCP ryan-ef83c9b973:3358 mkivsupra.titaninternet.co.uk:http TIME_WAIT

TCP ryan-ef83c9b973:3359 mkivsupra.titaninternet.co.uk:http TIME_WAIT

TCP ryan-ef83c9b973:3360 mkivsupra.titaninternet.co.uk:http TIME_WAIT

TCP ryan-ef83c9b973:3361 92.241.161.57:http TIME_WAIT

TCP ryan-ef83c9b973:3363 92.241.161.57:http TIME_WAIT

TCP ryan-ef83c9b973:3371 mkivsupra.titaninternet.co.uk:http TIME_WAIT

TCP ryan-ef83c9b973:3376 mkivsupra.titaninternet.co.uk:http TIME_WAIT

TCP ryan-ef83c9b973:3387 89-145-122-175.as29017.net:http ESTABLISHED

TCP ryan-ef83c9b973:3388 213.219.1.141:http ESTABLISHED

TCP ryan-ef83c9b973:3391 212.140.250.40:http ESTABLISHED

TCP ryan-ef83c9b973:3392 62.172.239.143:https ESTABLISHED

TCP ryan-ef83c9b973:3393 62.172.239.143:https ESTABLISHED

TCP ryan-ef83c9b973:3395 89-145-122-175.as29017.net:https ESTABLISHED

TCP ryan-ef83c9b973:3396 eua0000057-vip13.eu.verio.net:https ESTABLISHED

 

 

D:\Documents and Settings\Ryan>


Blimey, I got this :

 

C:\Users\Pot>netstat

 

Active Connections

 

Proto Local Address Foreign Address State

TCP 127.0.0.1:27015 Pot-Desktop:49159 ESTABLISHED

TCP 127.0.0.1:49159 Pot-Desktop:27015 ESTABLISHED

TCP 127.0.0.1:49172 Pot-Desktop:49173 ESTABLISHED

TCP 127.0.0.1:49173 Pot-Desktop:49172 ESTABLISHED

TCP 127.0.0.1:49174 Pot-Desktop:49175 ESTABLISHED

TCP 127.0.0.1:49175 Pot-Desktop:49174 ESTABLISHED

TCP 192.168.2.4:49297 a92-122-126-242:http CLOSE_WAIT

TCP 192.168.2.4:49984 by2msg2043516:msnp ESTABLISHED

TCP 192.168.2.4:50255 82-33-58-230:54856 ESTABLISHED

TCP 192.168.2.4:50539 92-232-130-35:4803 ESTABLISHED

TCP 192.168.2.4:51019 www:http ESTABLISHED

TCP 192.168.2.4:51061 209-18-46-57:http TIME_WAIT

TCP 192.168.2.4:51070 host138:http ESTABLISHED

TCP 192.168.2.4:51072 209-18-46-57:http TIME_WAIT

TCP 192.168.2.4:51073 www:http ESTABLISHED

TCP 192.168.2.4:51074 host107:http ESTABLISHED

TCP 192.168.2.4:51088 www:http ESTABLISHED

TCP 192.168.2.4:51089 209.170.97.107:http ESTABLISHED

TCP 192.168.2.4:51096 207.46.96.155:https TIME_WAIT

TCP 192.168.2.4:51097 by2msg1vr1:https TIME_WAIT

TCP 192.168.2.4:51098 207.46.27.253:7001 TIME_WAIT

TCP 192.168.2.4:51123 207.46.27.253:7001 TIME_WAIT

TCP 192.168.2.4:51188 channel04:http ESTABLISHED


Well Ryan you've got a connection to Barclays:

 

TCP ryan-ef83c9b973:3388 213.219.1.141:http ESTABLISHED

 

As you can see you've got 4 HTTP Secure connections :

 

TCP ryan-ef83c9b973:3392 62.172.239.143:https ESTABLISHED

TCP ryan-ef83c9b973:3393 62.172.239.143:https ESTABLISHED

(These are your ibank secure connections - so no DNS rerouting - You do have a 'secure' connection to Barclays, so no-one's looking at what you're transmitting. That doesn't mean no-one's logging what you're typing locally)

 

TCP ryan-ef83c9b973:3395 89-145-122-175.as29017.net:https ESTABLISHED

TCP ryan-ef83c9b973:3396 eua0000057-vip13.eu.verio.net:https ESTABLISHED

(I assume these two are tunnels via your ISP... I could be wrong, I'm no IP expert)

 

I do agree with others, I smell a rat, no Financial institution will ever ask you to verify your details or passwords.

 

I assume you're running general safety software? A firewall and something like Avast or AVG?

 

I would also recommend running HiJackThis to check if anything abnormal is in your running processes or registry - Several Anti-virus forums always say to run this, then generally you can post a log up and people will help diagnose.

 

http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis

 

HTH, but it has been a few years since I've done any AV work. Others may be able to recommend better protection or quicker methods :)

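The netstat check discussed above, as an added example that is not part of the original thread: a small Python parser that lists the ESTABLISHED remote endpoints from plain `netstat` output, so a specific address such as 213.219.1.141 can be looked up. The function names and the service-name-to-port map are assumptions of this example.

```python
# Added example: triage plain `netstat` output like the listing posted in this thread.
SERVICE_PORTS = {"http": 80, "https": 443, "imap": 143}  # assumed name-to-port map
STATES = {"ESTABLISHED", "TIME_WAIT", "CLOSE_WAIT", "SYN_SENT", "FIN_WAIT_1",
          "FIN_WAIT_2", "LAST_ACK", "CLOSING", "LISTENING"}
LOOPBACK = {"localhost", "127.0.0.1"}

# Sample rows taken from the output posted in the thread; one State value is
# placed on its own line to exercise the wrap handling.
SAMPLE = """\
Proto Local Address Foreign Address State
TCP ryan-ef83c9b973:1037 localhost:1038 ESTABLISHED
TCP ryan-ef83c9b973:1036 83.98.28.35:http CLOSE_WAIT
TCP ryan-ef83c9b973:3078 by2msg1262119.mixer.edge.messenger.live.com:1863

ESTABLISHED
TCP ryan-ef83c9b973:3388 213.219.1.141:http ESTABLISHED
TCP ryan-ef83c9b973:3392 62.172.239.143:https ESTABLISHED
TCP ryan-ef83c9b973:3393 62.172.239.143:https ESTABLISHED
"""

def parse_netstat(text):
    """Return (remote_host, remote_port, state) for every TCP row."""
    rows, pending = [], None
    for line in text.splitlines():
        parts = line.split()
        if not parts:
            continue  # blank lines do not cancel a pending wrapped row
        if pending and len(parts) == 1 and parts[0] in STATES:
            rows.append(pending + (parts[0],))  # state wrapped onto its own line
            pending = None
            continue
        pending = None
        if parts[0] != "TCP" or len(parts) < 3:
            continue  # header, banner or prompt line
        host, _, port = parts[2].rpartition(":")
        port = int(port) if port.isdigit() else SERVICE_PORTS.get(port, port)
        if len(parts) >= 4:
            rows.append((host, port, parts[3]))
        else:
            pending = (host, port)  # wait for the state on a following line
    return rows

def established_by_host(rows):
    """Map each non-loopback remote host to its ESTABLISHED ports."""
    out = {}
    for host, port, state in rows:
        if state == "ESTABLISHED" and host not in LOOPBACK:
            out.setdefault(host, set()).add(port)
    return {h: sorted(p, key=str) for h, p in out.items()}

if __name__ == "__main__":
    for host, ports in established_by_host(parse_netstat(SAMPLE)).items():
        print(host, ports)
```

Plain `netstat` prints reverse-resolved host names; `netstat -n` prints numeric addresses and ports, which is the easier form to compare against a known IP.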

I've just tried using the IP addy you posted caseys and it goes to the Barclays site.. click the login page and I don't get the same as Ryan....it only asks for your login details

oh I don't bank with them and never been to their site either...

If that's the case I think someone's got some code in the page that IE does not like formatting. Has anyone tried it in Firefox?

I've tried it in OSX Firefox, Opera and Safari and I get the same page as Ryan but yet only have two boxes to put details in, Surname and Membership Number. Hmm. IE is shonky! :D


Just done full scan with AVG and clean so do people think it's worth junking IE then?

 

Personal opinion yes. Firefox or Opera, others may say else tho :)

 

IE is unfortunately the most targeted browser for exploits. Then again so is Windows and its software in general :(
