Outline Email purporting to be from the UK's Halifax Bank claims that new online banking
authentication procedures are being introduced and that customers must therefore follow a link and confirm their online banking details.
The email is not from Halifax. The message is a phishing scam designed to steal Halifax login and banking details from recipients.
Subject: IMPORTANT - Halifax Online Service Message
Please note that starting from March 23, 2012 we will be introducing new online banking
authentication procedures in order to protect the private information of all online banking users.
You are required to confirm your online banking details with us as you will not be able to
have access to your accounts until this has been done.
As you're already registered for online banking all you need to do is to confirm
your online banking details.
Confirm your details
Once you've completed this you'll be able to manage your money whenever you want,
giving you more control of your finances.
Halifax Online Service
This email, which purports to be from UK based banking group Halifax, claims that, due to the introduction of new online banking authentication procedures, customers must confirm their online banking details by clicking a link and supplying the requested information.
However, the email is certainly not from Halifax and the claim that customers are required to upgrade their details is a lie. In fact, the message is an attempt by cybercriminals to trick Halifax customers into handing over their personal and financial information. Those who fall for the ruse and click the link will first be taken to a fake web page designed to resemble the genuine Halifax online banking website.
Victims will first be asked to "login" on the fake site by entering their username and password. Next, they will be asked to fill in a form that requests their name and contact details, their telephone banking PIN, their date of birth and the "Memorable Information" (account recovery question) attached to the account. But, when victims finish filling in the form and click the "submit" button, all of the information they have supplied - including their login details - will be sent directly to the scammers. Armed with this information, the scammers can then hijack their victim's account, transfer or withdraw funds and conduct other fraudulent activities at will. And, since they have procured the victim's telephone banking pin, they can also conduct fraudulent transactions via phone banking.
The fake email and bank website include Halifax logos, graphics and formatting to make them appear genuine. To further the illusion, the victim is automatically taken to the real Halifax website after completing the fake form.
The example discussed here is only one of many such phishing scams that have targeted Halifax customers. Details in the scam emails may vary. Be very cautious of any email claiming to be from Halifax that asks you to click a link or open an attachment in order to supply personal and financial information. Halifax has published information about such phishing attempts on its website.