1. I am not an account holder and its addressed to account holders.

2. the html email would have requested images etc from an IP address which resolved to a US hosting company not visibly associated with the barclays bank website.

3. the email headers were all over the place and not at all how they should be for a confidential email from a bank to its customers.

Its a bit of a shock to me that some people actually submitted their info to the spoof website. Especially as I think people doing their banking online should be aware of security issues more than the rest of us who decide not to for security reasons.

Anyhow identity theft is according to an expert I spoke to recently a significant part of current electronic fraud.

I wonder how much user education is required and how companies like barclays can properly protect their customers from this in the future.

Note: on receipt of the mail I went to the official barclays websites and tried to find an easy way to report the abuse. After a couple of minutes and all the corporate speak I thought no forget it, this company does not seem to be taking this sort of thing seriously. They referred people to the met police and did not seem to want to know themselves .. that was it for me.

Thanks but no thanks.