Lloyds TSB Phishing Scam
Tuesday, August 7, 2007
One of my email accounts has been hit by multiple, and identical, phishing scam messages that target UK banking group, Lloyds TSB. The scam message claims that there has been unauthorised use of online accounts and instructs recipients to click a link and "confirm" their online banking information.
However, clicking the link opens a bogus "login" web page designed to closely resemble the genuine bank website (see screen shot below). Victims who are fooled into logging on to the fake page will be in fact handing over their login details to identity thieves. Subsequent bogus pages will request further personal information that can also be harvested by scammers.
Phishing scammers regularly target financial institutions such as Lloyds TSB. If you receive any unsolicited email from a bank or other institution that asks you to click an included link and provide sensitive personal information, then you should view the message with the utmost suspicion. If you have any doubts at all about the veracity of the email, contact the institution directly to check.
For more information about phishing scams, see:
Phishing Scams - Anti-Phishing Information
Lloyds TSB has also published information about scam emails on its website.
An example of the scam email:
Subject: Unauthorised use of Lloyds TSB
Lloyds TSB has been receiving complaints from our customers for unauthorised use of the Lloyds TSB Online accounts. As a result we are making an extra security check on all of our Customers account in order to protect their information from theft and fraud.
Due to this, you are requested to follow the provided steps and confirm your Online Banking details for the safety of your Accounts. Please Click Here To Start .
However, Failure to do so may result in temporary account suspension. Please understand that this is a security measure intended to help protect you and your account. We apologize for any inconvenience.
Thanks for your co-operation.
Fraud Prevention Unit
A screen shot of the fake login page:
posted by Brett Christensen @ 5:03 PM,