Debunking email hoaxes and exposing Internet scams since 2003!


Hoax-Slayer Logo Hoax-Slayer Logo

DividerDivider
Home    About    New Articles    RSS Feed    Subscriptions    Contact
DividerDivider
Bookmark and Share









Issue 137 - August 2012 (2nd Edition) - Page 29

Lloyds TSB 'New Banking Authentication' Phishing Scam

Issue 137 Start Menu

Previous Article            Next Article

Outline
Email that appears to originate from UK retail bank Lloyds TSB claims that new banking authentication procedures are being implemented and recipients must therefore confirm their banking details by clicking an included link or risk losing access to their accounts.



Brief Analysis
The email was not sent by Lloyds TSB and is not a legitimate banking notification. The message is a scam that attempts to trick the bank's customers into handing their personal and financial details to cyber crooks.

Bookmark and Share
Detailed analysis and references below example.





Scroll down to submit comments
Last updated: August 1, 2012
First published: August 1, 2012
Article written by Brett M. Christensen
About Brett Christensen and Hoax-Slayer


Example

Subject: Your Attention Is Needed From LloydsTSB Bank

Dear Customer,

Please note that starting from this month
we will be introducing new online
banking authentication procedures in order to
protect the private information of all online
banking users.

You are required to confirm your online
banking details with us, as you will not be
able to have access to your accounts until this has
been done.

Confirm your account now to continue banking with
us

Thank You

LloydsTSB Bank




Detailed Analysis
This email, which has been created so that it appears to originate from UK banking group Lloyds TSB, notifies recipients that new banking authentication procedures will soon be introduced. According to the message, these new procedures will help protect the privacy of online banking users. The email claims that, because of these impending changes, Lloyds TSB customers must confirm their banking details by following a link in the message. But, warns the message, customers will not be able to access their online accounts until their details have been confirmed.

In fact, the email has no connection whatsoever with Lloyds TSB and is certainly not a legitimate banking notification message. In fact, the message is a phishing scam. By creating a message that appears to be a legitimate banking notification, the criminal perpetrators of this scam attempt hope to fool unwary Lloyds TSB customers into divulging sensitive personal and financial information.

Bank customers who are fooled by the fake email and click the email link will first be taken to a bogus webpage and asked to enter their bank login details. The page is designed by its criminal creators to closely mimic the real Lloyds TSB login page. Once victims have logged in on the fake page, they will then be presented with an account confirmation form hosted on a second fake page that asks for name, address and identification details as well as credit card and banking information. If victims provide all of the requested information and hit the "submit" button, they will then receive a final message informing them that their account confirmation has been successfully completed.

Alas, all of the information submitted on the fake web pages will be harvested by the criminals and used to commit bank and credit card fraud and identity theft. Because the criminals now have the login credentials supplied by their victims, they can go to the real Lloyds TSB website and gain access to the compromised accounts at will.

This is a typical phishing scam the likes of which I have discussed many times before on these pages. Unfortunately, despite many warnings about such scams online and even in the mainstream media, people all around the world continue to get taken in by phishing scams just like this one. Phishing scammers use many and varied cover stories to disguise their nefarious intentions. Internet users should be very wary of any email that claims they must update, confirm or verify account information by clicking a link or opening an attached file. Real organizations are unlikely to make such a request to customers via a generic and unsolicited email like the example shown above.

As a simple safety precaution, users should always login to any of their online accounts by typing the account website address into their browser's address bar.

Bookmark and Share

References

Phishing Scams - Anti-Phishing Information
Lloyds TSB Phisher Scam

Previous Article            Next Article

Issue 137 Start Menu

Pages in this issue:
  1. Anti Text-Driving Message - Car Wedged Under Truck Image
  2. Nationwide Phishing Scam Emails
  3. Faux Image - Double Sunset on Mars
  4. Microsoft Cyber-Crime Department Phishing Scam
  5. Does A Photo Depict A Puppy Being Forced to Drink Vodka?
  6. Post Circulating Claims Hotel Made Disabled US Veteran Crawl Down Stairs
  7. AFL vs NRL - Wrongdoings of Australian Members of Parliament Hoax
  8. Three.co.uk Phishing Scam
  9. Another Facebook Sick Baby Hoax - Baby With Brain Cancer
  10. Circulating Opinion Piece - 'Democratic, Republican Liberal-Progressive's Worst Nightmare'
  11. Fake Three (Or Seven) Headed Snake Image
  12. Misleading Health Advice Email - 'Mayo Clinic on Aspirin and Heart Attacks'
  13. Facebook Survey Scam - Free Argos Gift Card
  14. 'Email Deactivation Warning' Phishing Scam
  15. Anti-Obama Youtube Video Compiles Multiple Conspiracy Theories
  16. Fake AT&T Bill Emails Point To Malware
  17. Messages Claim Coca Cola to be Banned In Bolivia
  18. 'Free Apple Product' Text Message Survey Scam
  19. Circulating Warning - Facebook May Close Down Animal Rescue Account'
  20. 2012 FIFA World Cup Online Lottery Advance Fee Scam
  21. Email Claiming US Gold Medal Gymnast Gabrielle Douglas Faces Lifetime Ban Used to Spread Malware
  22. Bigpond Security Service Phishing Scam
  23. Wrestling Star John Cena is NOT Dead
  24. Hoax - NASA Predicts Total Blackout of Planet in Dec 2012
  25. Wrestling Star Undertaker is NOT Dead
  26. Colin And Chris Weir Donation Programme Advance Fee Scam
  27. US EPA Regulations Force Power Plant Closures
  28. 'View Facebook Followers' Scam Targets Twitter Users
  29. Lloyds TSB 'New Banking Authentication' Phishing Scam
  30. Faux Image - Pilots Protesting Chemtrails
  31. Telstra Bill Account Update Phishing Scam
  32. McDonald's Signboard Supporting Chick-Fil-A
  33. ABSA 'Authorized EFT Payment Received' Phishing Scam
  34. Hoax Picture - Obama Holding Phone Upside Down
  35. 'eBay Item Not Received' Phishing Scam Email
  36. Wells Fargo 'Security Check' Phishing Scam
  37. False Warnings - 'Cleaning out Friends List' Questions on Facebook Contain Viruses or are Posted by Hackers