Phishers Attack Accountholders of a Major UK Bank

A spurious campaign trying to steal the online details of Lloyds TSB Bank's customers is highlighted in the most recent E-Threats Landscape Report from BitDefender.

In the attack, phishers send a simple looking but crafty unsolicited e-mail that directs recipients (customers) to click on a given web-link and verify personal account details.

However, instead of the actual e-banking website, the link leads customers to a website whose pages use a number of symbolic identification elements that relate to the real site. Along with the normal formatting components, the site uses the logo of Lloyds TSB but that appears slightly hazy and disproportionate.

The online thieves appear to be interested only in the usernames and passwords that they manage to gather through login.php script, while they lift the memorable data via login1.php script.

Unsurprisingly, certain parts of the e-mail scam are faulty. For example, despite each of the menu options being available, pressing on any of them displays a message saying "404 Page Not Found." Furthermore, it is clear that the URL address posing as the actual URL, in reality is hosted on a domain of a Brazilian registrant as the suffix shows .br instead of .com.

There is an absence of the normal security elements which one expects on an online banking website such as Secure Socket Layer (SSL) encryption, a locked padlock and a prefix devoid of 'https.'

Meanwhile, authorities have warned that there is a sharp increase in the volume and sophistication of phishing attempts to grab bank account information of customers that include passwords, account numbers and PINs by sending random phishing e-mails to millions of users.

Besides, APACS, the organization which processes payment, reported during June, 2009 that it had found a total of 14,369 separate forms of phishing messages during Q1 2009, an increase from 10,235 in Q1 2008.

Furthermore, many of the phishing messages appear to have been hitting Lloyds TSB banks in the recent period. In a similar news came during February 2009, the e-mail scams tried to trick the bank's accountholders into revealing their banking details. Some e-mails even had viruses in the guise of web-links.

Related article: Phishers Expand Their Sphere of Attacks

» SPAMfighter News - 7/8/2009