04 Sep Sophisticated Phishing Scam Targeting Lloyds Bank Customers
Lloyds Bank customers are being targeted by a sophisticated email and SMS messaging phishing campaign, according to an investigation by law practice Griffin Law.
An estimated 100 people have reported receiving fake communication purporting to be from Lloyds, which is one of the largest banks in England and Wales.
In the email scam, a realistic-looking email using Lloyds logos and branding is distributed containing the subject header: “Alert: Document Report – We noted about security maintenance.” The message, which has spelling errors and some Chinese characters, claims that the recipient’s bank account has been compromised, stating: “Your Account Banking has been disabled, due to recent activities on your account, we placed a temporary suspension until you verify your account.”
Users are then redirected to a fraudulent site called Lloyds[Dot]bank[Dot]unusual-login[Dot]com, which attempts to trick visitors into believing it is legitimate through the use of official branding. The site then requests customers’ log-in details including passwords, account information and security codes and other person data.
In the SMS version of the scam, people received a text attempting to entice them into visiting the same fraudulent site. It says: “ALERT FROM LLOYDS: New device attempted to set up a payee to XXX. If this was NOT you, visit: Lloyds[Dot]bank[Dot]unusual-login[Dot]com.”
In a tweeted response to a user who informed them they had received the scam email, Lloyds Bank said: “This isn’t a genuine message from us; it’s a scam. If possible, could you please forward this email or text message to us at: firstname.lastname@example.org.”
Commenting on Griffin Law’s discovery, Chris Ross, SVP at Barracuda Networks, said: “Hackers often hijack the branding of legitimate companies in order to steal confidential financial data from unsuspecting victims.
“These scams can be very convincing, making use of official logos, wording and personalised details to lull the individual into a false sense of security. In most cases, the victim will be directed to a fraudulent but realistic looking website, where they are urged to enter account details, passwords, security codes and PIN numbers.
“Phishing attacks like this pose a huge risk both to individuals and the companies they work for, especially if hackers gain access to a business bank account. Tackling this problem requires robust policies and procedures as well as the latest email security systems in place to identify and block these scams before they reach the inbox.”
How can we help?
Here at VaraTech, we offer a broad range of IT support and consultancy services that aim to help small businesses extract maximum value from their IT. From proactive network monitoring/maintenance and hardware leasing to Cloud services, VoIP telephony and much more, we help our clients identify and roll-out the best-fit solutions for their businesses.
We’re cloud computing experts! We can help your business leverage the potential of some of the most empowering Cloud services, such as Microsoft 365. Why not get in touch today, to discover how the flexibility, scalability cost-efficiency, convenience and security of Cloud services can help your business realise its potential.