Phishings targeting Barclays

Suspicious and active websites

Phishings targeting Barclays

Suspicious and active websites

Active

New (7d)

Trend (7d)

↓50%

Website: barclays.co.uk
About: AIUK retail and business banking phishing. Credentials, OTP capture, and second-factor-bypass pages are the recurring pattern.
Hosts: Amazon.com, Inc. (3)
Countries: Ireland (3)
TLS certs: Amazon RSA 2048 M02 (1) · Amazon RSA 2048 M01 (1)

Suspicious sites — confidence is not always 100%. Use for Threat Hunting or watchlists.

Last check (UTC)	First seen (UTC) ▾	URL	Flags	Details
2026-06-30 07:30	2026-06-27 13:01	https://barclays-grads.twineapp.com/password/invalid-tenant	OpenPhish	Details
2026-06-30 07:30	2026-06-17 01:08	https://barclays-grads.twinehr.com	OpenPhish	Details
2026-06-30 07:30	2026-06-17 01:07	https://barclays-grads.twineapp.com/login	OpenPhish	Details

Suspicious sites — confidence is not always 100%. Use for Threat Hunting or watchlists.

URL	Screenshot	Details
https://barclays-grads.twinea… OpenPhish		Details
https://barclays-grads.twineh… OpenPhish		Details
https://barclays-grads.twinea… OpenPhish		Details

Legitimate Barclays URLs always end in barclays.co.uk (e.g. www.barclays.co.uk, account.barclays.co.uk). Anything else — including look-alike typosquats, hyphenated variations, or unfamiliar TLDs like .xyz / .top / .vip — is not Barclays.
The padlock icon proves TLS is active, not that the site is safe. Free DV certificates are issued to attackers in minutes; every active site listed above has a valid TLS certificate.
If you got the link from email, SMS, or social media, do not click it. Open barclays.co.uk from your browser bookmark or type the domain manually.
Real Barclays pages almost never ask for credentials immediately after clicking from a message — treat any such redirect as a phishing attempt until the domain is verified.