Public Service Announcements Keeping the public informed of what is wrong in the world

May 10, 2008

(Important Update From Natwest Bank Plc) – Phishing Email Scam

Filed under: Phishing — Tags: , , — admin @ 3:16 pm

A NatWest email phishing for account details.

If you recieve a similair email, you can report it by calling NatWest on 0845 605 0789 or forward the suspect e-mail to phishing@natwest.com

BTW. the “Proceed” button has been disabled in the following email body.

 ~~~

  • subject (Important Update From Natwest Bank Plc)
  • mailed-by freeolaweb0.freeola.net

ONLINE BANKING

Secure Your Internet Banking Dear Natwest Bank Customer, Recently there have been a large number of identity theft attempts targeting Natwest Bank Customers.In order to safeguard your account,we require that your banking details. This process is mandatory,and if not completed within the nearest time your account may be subject to temporary suspension. To serurely confirm your Natwest Bank Account details please click on the PROCEED botton.

 

 

 

 

 

 

 

**** This is an automated message, please do not respond ****

 

 

 

 

 

 

?2008 Natwest Bank. All Rights Reserved. No recipient addresses found in header


###

 

April 29, 2008

Alert-You Have 1 New Secure Message – Halifax Phishing Email

Filed under: Phishing — Tags: , — admin @ 3:22 pm

After a lull in the number of phishing emails recently, today I received an email masquerading as being from Halifax. However, the link takes you to a hacked directory site – http://www.directorymember.us/include/formslogin.htm.

Email forwarded to: security@hbosplc.com at 16.07 (GMT +1) 29 Apr 2008.

For those wishing to see the email body for comparison to any messages you may have received, the content is below.

~~~

Dear Online Account Holder,

Access To Your Account Is Currently Unavailable .

Please click the link below to restore your account access.
RESTORE YOUR ACCOUNT ACCESS .

Thank you.
Customer Service
(c) Halifax Online Banking

###

April 12, 2008

Error Detected in Your Account Information (3) – Halifax Phishing Email

Filed under: Phishing — Tags: , , — admin @ 11:07 am

Having gone a couple of quiet weeks on the Halifax Bank phishing emails, today one turned up in my inbox. Thankfully, due to the incompetence of this scammer, they have failed to make the link clickable to the webpage they have created. However, Halifax need to still get on an shut it down ASAP.

Email forwarded to: security@hbosplc.com at 11.30 (GMT +1) 12 MAr 2008.

FYI, here is the content of the phishing email;

~~~

Dear Online Account Holder,

Access To Your Account Is Currently Unavailable .

Please click the link below to restore your account access.
RESTORE YOUR ACCOUNT ACCESS .
Thank you.
Customer Service
(c) Halifax Online Banking

###
This is the link on the compromised domain: http://mondocad.ro/fax2/fax/formslogin.htm. As always, DO NOT follow this link and fill out any personal data. The link is here purely for people to compare with any suspicious emails they may receive & to monitor the uptime.

April 4, 2008

Review Your Account Activity – Abbey Phishing Email

Filed under: Phishing — Tags: , , — admin @ 1:36 pm

~~~

  • from ABBEY BANK <activity.alert@abbey.co.uk>
  • subject Review Your Account Activity

Subject : My account standings

Dear Valued Customer:

We have currently updated our online banking SSL server for better and secure online banking activities. It has come to our attention that you have not recently updated your online access.We are proactively notifying you of this activity so as to update your online access in our new ssl server. Failure to do this will result to limited online banking services.Follow the online services link below to update your online access.

https://myonlineaccounts2.abbeynational.co.uk/CentralLogonWeb/


Customer Support,
Abbey Bank Plc.

###

March 31, 2008

Halifax Fails To Shutdown Phishing Site

Filed under: News,Phishing — Tags: , — admin @ 2:08 pm

In the last couple of weeks there have been a handful of emails that have arrived in my inbox, requesting that I login in to “my” Halifax bank account (I double quote “my” as I don’t have an account with them) and update my details. The apparent reasons being that there have been updates and also that “my” account is unavailable, therefore me logging in will fix it (how does one login in to an inaccessable account?).

Of course, these emails haven’t been from the bank, rather from scammers that are out phishing for personal information (mother’s maiden name, address, passwords etc).

I have already mentioned that I don’t have an account with the Halifax but I am more than happy to forward any suspicious emails along to their security department. In fact, I will always forward phishing emails to any organisation that scammers are targeting, in the hope that they can be closed down as quick as possible. I would like to think most people will as well.

Time is of the essence when dealing with these phishing sites. The longer a site is allowed to stay on line, the more opportunities the scammer has to capture details of the unwitting customer who furnishes them with the information they are looking for.

As much as the shutting down of these phishing sites is a consumer of time and energy, it is the responsibility of the targeted organisation to have these pages removed from the Internet as soon as possible. In this instance, as a bank, Halifax should be protecting, if nothing else, the customers money. However, they are not looking after their account holders when they fail to shutdown a phishing site that has been online for over 48 hours.

Timeline

29 Mar 2008 11:35 – Phishing email arrived in my inbox
30 Mar 2008 02:12 – I checked email and forwarded it to Halifax security
30 Mar 2008 08:09 – I receive an automated reply from the bank
31 Mar 2008 15.00 – Phishing site still online

The scammer(s) have even hot-linked the images from halifax-online.co.uk, which is an easy situation to fix. Not that it would stop a phishing site but it does mean more work for the perpetrators of these crimes, in that they would have to download them all to create their pages.

Perhaps this lack of care comes from the fact that they (Halifax), have an online fraud guarantee. This guarantee fully reimburses people if they lose money through online fraud. However, someone has to pay for this and mostly likely the costs ultimately end up being passed on to the customers.

Come on Halifax, time to get your act together & clamp down on this issue.

Older Posts »

Powered by WordPress