A new phishing scam, targeting Lloyds bank customers is currently in circulation, according to law practice Griffin Law’s investigation.
The attack initially targeted an estimated 100 victims, using both email and SMS messages to lure victims into entering their details into the system.
Throughout the email, convincing Lloyds branding and logos are used. The heading is perhaps not so convincing, it reads:
“Alert: Document Report – We noted about security maintenance.”
Despite containing a multitude of grammatical errors, spelling mistakes, and even some Chinese characters, the message went on to state that the user’s bank account had been compromised, that reads:
“Your Account Banking has been disabled, due to recent activities on your account, we placed a temporary suspension until you verify your account.”
Recipients of the email are then redirected to a fake website called “Lloyds[Dot]bank[Dot]unusual-login[Dot]com”, where login details including passwords, security codes, and other personal information are requested.
In the SMS version of this same attacks, victims receive a text tempting people to visit the same fraudulent site mentioned earlier. The message read “ALERT FROM LLOYDS: New device attempted to set up a payee to XXX. If this was NOT you, visit: Lloyds[Dot]bank[Dot]unusual-login[Dot]com.”
Lloyds responded to a user who reported the scam to them on Twitter. They said:
“This isn’t a genuine message from us; it’s a scam. If possible, could you please forward this email or text message to us at: email@example.com.”
Observing on the findings of Griffin Law, Chris Ross, SVP at Barracuda Networks, said:
“Hackers often hijack the branding of legitimate companies in order to steal confidential financial data from unsuspecting victims.
Phishing attacks like this pose a huge risk both to individuals and the companies they work for, especially if hackers gain access to a business bank account.
Tackling this problem requires robust policies and procedures as well as the latest email security systems in place to identify and block these scams before they reach the inbox.”
If you organisation was targeted for a phishing attack such as this one, do you think everyone in your organisation could spot the danger signs?
Find out in our Free Click-Prone® Test today.