In the last couple of weeks there have been a handful of emails that have arrived in my inbox, requesting that I login in to “my” Halifax bank account (I double quote “my” as I don’t have an account with them) and update my details. The apparent reasons being that there have been updates and also that “my” account is unavailable, therefore me logging in will fix it (how does one login in to an inaccessable account?).
Of course, these emails haven’t been from the bank, rather from scammers that are out phishing for personal information (mother’s maiden name, address, passwords etc).
I have already mentioned that I don’t have an account with the Halifax but I am more than happy to forward any suspicious emails along to their security department. In fact, I will always forward phishing emails to any organisation that scammers are targeting, in the hope that they can be closed down as quick as possible. I would like to think most people will as well.
Time is of the essence when dealing with these phishing sites. The longer a site is allowed to stay on line, the more opportunities the scammer has to capture details of the unwitting customer who furnishes them with the information they are looking for.
As much as the shutting down of these phishing sites is a consumer of time and energy, it is the responsibility of the targeted organisation to have these pages removed from the Internet as soon as possible. In this instance, as a bank, Halifax should be protecting, if nothing else, the customers money. However, they are not looking after their account holders when they fail to shutdown a phishing site that has been online for over 48 hours.
Timeline
29 Mar 2008 11:35 – Phishing email arrived in my inbox
30 Mar 2008 02:12 – I checked email and forwarded it to Halifax security
30 Mar 2008 08:09 – I receive an automated reply from the bank
31 Mar 2008 15.00 – Phishing site still online
The scammer(s) have even hot-linked the images from halifax-online.co.uk, which is an easy situation to fix. Not that it would stop a phishing site but it does mean more work for the perpetrators of these crimes, in that they would have to download them all to create their pages.
Perhaps this lack of care comes from the fact that they (Halifax), have an online fraud guarantee. This guarantee fully reimburses people if they lose money through online fraud. However, someone has to pay for this and mostly likely the costs ultimately end up being passed on to the customers.
Come on Halifax, time to get your act together & clamp down on this issue.
