Debunking email hoaxes and exposing Internet scams since 2003!

Hoax-Slayer Logo Hoax-Slayer Logo

DividerDivider
Home    About    New Articles    RSS Feed    Subscriptions    Contact
DividerDivider


Site Navigation










Lloyds TSB 'New Banking Authentication' Phishing Scam

Outline
Email that appears to originate from UK retail bank Lloyds TSB claims that new banking authentication procedures are being implemented and recipients must therefore confirm their banking details by clicking an included link or risk losing access to their accounts.



Brief Analysis
The email was not sent by Lloyds TSB and is not a legitimate banking notification. The message is a scam that attempts to trick the bank's customers into handing their personal and financial details to cyber crooks.

Bookmark and Share
Detailed analysis and references below example.

Enter your email address to subscribe to the Hoax-Slayer Newsletter:






Last updated: August 1, 2012
First published: August 1, 2012
Article written by Brett M. Christensen
About Brett Christensen and Hoax-Slayer


Example

Subject: Your Attention Is Needed From LloydsTSB Bank

Dear Customer,

Please note that starting from this month
we will be introducing new online
banking authentication procedures in order to
protect the private information of all online
banking users.

You are required to confirm your online
banking details with us, as you will not be
able to have access to your accounts until this has
been done.

Confirm your account now to continue banking with
us

Thank You

LloydsTSB Bank




Detailed Analysis
This email, which has been created so that it appears to originate from UK banking group Lloyds TSB, notifies recipients that new banking authentication procedures will soon be introduced. According to the message, these new procedures will help protect the privacy of online banking users. The email claims that, because of these impending changes, Lloyds TSB customers must confirm their banking details by following a link in the message. But, warns the message, customers will not be able to access their online accounts until their details have been confirmed.

In fact, the email has no connection whatsoever with Lloyds TSB and is certainly not a legitimate banking notification message. In fact, the message is a phishing scam. By creating a message that appears to be a legitimate banking notification, the criminal perpetrators of this scam attempt hope to fool unwary Lloyds TSB customers into divulging sensitive personal and financial information.

Bank customers who are fooled by the fake email and click the email link will first be taken to a bogus webpage and asked to enter their bank login details. The page is designed by its criminal creators to closely mimic the real Lloyds TSB login page. Once victims have logged in on the fake page, they will then be presented with an account confirmation form hosted on a second fake page that asks for name, address and identification details as well as credit card and banking information. If victims provide all of the requested information and hit the "submit" button, they will then receive a final message informing them that their account confirmation has been successfully completed.

Alas, all of the information submitted on the fake web pages will be harvested by the criminals and used to commit bank and credit card fraud and identity theft. Because the criminals now have the login credentials supplied by their victims, they can go to the real Lloyds TSB website and gain access to the compromised accounts at will.

This is a typical phishing scam the likes of which I have discussed many times before on these pages. Unfortunately, despite many warnings about such scams online and even in the mainstream media, people all around the world continue to get taken in by phishing scams just like this one. Phishing scammers use many and varied cover stories to disguise their nefarious intentions. Internet users should be very wary of any email that claims they must update, confirm or verify account information by clicking a link or opening an attached file. Real organizations are unlikely to make such a request to customers via a generic and unsolicited email like the example shown above.

As a simple safety precaution, users should always login to any of their online accounts by typing the account website address into their browser's address bar.

Bookmark and Share



References

Phishing Scams - Anti-Phishing Information
Lloyds TSB Phisher Scam

Last updated: August 1, 2012
First published: August 1, 2012
Article written by Brett M. Christensen
About Brett Christensen and Hoax-Slayer