Issue 128 - April 2012 (1st Edition) - Page 8
Halifax Bank Phishing Scam
Email purporting to be from the UK's Halifax Bank claims that new online banking
authentication procedures are being introduced and that customers must therefore follow a link and confirm their online banking details.
The email is not from Halifax. The message is a phishing scam designed to steal Halifax login and banking details from recipients.
Detailed analysis and references below example.
Last updated: 26th March 2012
First published: 26th March 2012
Article written by Brett M. Christensen
About Brett Christensen and Hoax-Slayer
Subject: IMPORTANT - Halifax Online Service Message
Please note that starting from March 23, 2012 we will be introducing new online banking
authentication procedures in order to protect the private information of all online banking users.
You are required to confirm your online banking details with us as you will not be able to
have access to your accounts until this has been done.
As you're already registered for online banking all you need to do is to confirm
your online banking details.
Confirm your details
Once you've completed this you'll be able to manage your money whenever you want,
giving you more control of your finances.
Halifax Online Service
This email, which purports to be from UK based banking group Halifax, claims that, due to the introduction of new online banking authentication procedures, customers must confirm their online banking details by clicking a link and supplying the requested information.
However, the email is certainly not from Halifax and the claim that customers are required to upgrade their details is a lie. In fact, the message is an attempt by cybercriminals to trick Halifax customers into handing over their personal and financial information. Those who fall for the ruse and click the link will first be taken to a fake web page designed to resemble the genuine Halifax online banking website.
Victims will first be asked to "login" on the fake site by entering their username and password. Next, they will be asked to fill in a form that requests their name and contact details, their telephone banking PIN, their date of birth and the "Memorable Information" (account recovery question) attached to the account. But, when victims finish filling in the form and click the "submit" button, all of the information they have supplied - including their login details - will be sent directly to the scammers. Armed with this information, the scammers can then hijack their victim's account, transfer or withdraw funds and conduct other fraudulent activities at will. And, since they have procured the victim's telephone banking pin, they can also conduct fraudulent transactions via phone banking.
The fake email and bank website include Halifax logos, graphics and formatting to make them appear genuine. To further the illusion, the victim is automatically taken to the real Halifax website after completing the fake form.
The example discussed here is only one of many such phishing scams
that have targeted Halifax customers. Details in the scam emails may vary. Be very cautious of any email claiming to be from Halifax that asks you to click a link or open an attachment in order to supply personal and financial information. Halifax has published information
about such phishing attempts on its website.
Phishing Scams - Anti-Phishing Information
Halifax - Phishing
Pages in this issue:
- ECU Australia 'Unauthorized Credit Card Use' Phishing Scam
- 'Daddy it Hurts' Anti-Child Abuse Chain Letter
- False Protest Message Claims Pastor Youcef Nadarkhani Has Been Executed
- Westpac 'Quick Survey' Phishing Scam
- eBay 'Please Confirm Your Identity'Phishing Scam
- Taylor Siders Missing Teen Alert - (Taylor Has Now Been Found)
- Flower And Wine Delivery Credit Card Scam Warning
- Halifax Bank Phishing Scam
- Facebook Survey Scam - Free Pair of Toms Shoes
- Adobe Acrobat Upgrade Phishing Scam Emails
- Misleading Protest Message Decries 'Ban' on Help For Heroes Armbands
- Chrome Extension Timeline Removal Tip
- Social Media Driven Hope Barbie Campaign