A new Lloyds Bank phishing scam has been found by security researchers. The UK financial institution's customers are being targeted just before Christmas with a highly realistic email, apparently sent from Lloyds Banking Group. Christmas is a time when people are not as security conscious. It's busy at work, there is much to do, and minds are typically on turkey, holidays, and rushing to get last-minute preparations finished.
The email includes the very same font, logo, and styling that are used on the real online banking portal, meaning that this campaign is one of the most realistic online banking phishing scams we have witnessed.
The most recent Lloyds Bank phishing scam is very basic. It is brief and to the point, and has been designed to make users visit the link and sign in to their account to review their bank balance.
All that the email states is "You have One New Message. Your account has been accessed in multiple locations. Click below to update your Lloyds Bank Account," with a hyperlink using the anchor text "Sign In." There are no grammatical mistakes to warn users that the email is anything but authentic.
In fact, even clicking the sign-in link is unlikely to arouse suspicion. The link will bring the soon-to-be victim to a website containing an exact copy of the Lloyds Bank portal that customers will be very familiar with. All of the text is authentic, and the website features apparently clickable links in all the right places. It is an almost complete replica of the real site.
Only if a user decides to click on any of the links will they realize something is not quite right. The hackers have only captured an image of the real site, so none of the links are actually clickable.
But then again, after the recipient of the email has been issued a warning telling them their account is in danger, they are unlikely to suddenly opt to check the latest mortgage rates or take out a loan.
The only part of the website that works is the section where users are asked to enter their user ID, password, and memorable word. Once the details have been submitted, the victim is redirected to the real Lloyds site. That may lead to suspicion when their login attempt appears not to have worked, but the hackers are counting on few people changing their password once they see that their account has not been infiltrated.
The hackers are likely to act swiftly. Once they have a user ID, password, and memorable word, they have the basic data required to access the account. That data may not be enough to gain access to the account and make a fraudulent money transfer. If not, it will be used to conduct additional spear phishing emails in an attempt to obtain the answer to a security question. If the victim was fooled by the first campaign, chances are they will be tricked by another.
There is only one other telltale sign that this is a Lloyds Bank phishing scam: the URL is not lloydsbank.com.
The scam emphasises the importance of reviewing the URL before entering any login credentials and checking to make sure the site address begins with https://. This site is clearly not authentic and has no green padlock, which indicates something is not right to anyone even casually checking the web address. However, not all online banking customers will do that when the website appears to be authentic.
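As an added example (not code from the article, Lloyds, or any vendor), the following Python checker applies the two checks the article recommends to a link pulled out of an email: does the host really belong to lloydsbank.com, and does the link use https. It goes beyond the article by also flagging a few ways a look-alike host can be disguised; the legitimate-domain list and the sample links are assumptions made for the example.

```python
import ipaddress
from urllib.parse import urlsplit

# Assumed: the only legitimate domain for the bank's portal (the article names lloydsbank.com).
LEGIT_DOMAINS = ("lloydsbank.com",)


def host_matches(host: str, domain: str) -> bool:
    """True only if host is the domain itself or a real subdomain of it.
    'lloydsbank.com.evil.example' and 'notlloydsbank.com' both fail."""
    return host == domain or host.endswith("." + domain)


def check_link(url: str, legit_domains=LEGIT_DOMAINS) -> dict:
    """Classify a link taken from a suspected phishing email.
    Returns the parsed host, whether the scheme is https, and a list of warnings
    (empty list means the link passed every check). Constructed logic for illustration."""
    warnings = []
    parts = urlsplit(url.strip())
    scheme = parts.scheme.lower()
    host = (parts.hostname or "").lower().rstrip(".")
    if scheme != "https":
        warnings.append("not https")
    if parts.username is not None:
        # In 'https://lloydsbank.com@evil.example/' the part before '@' is userinfo,
        # not the host; browsers connect to evil.example.
        warnings.append("userinfo in URL (host may be disguised)")
    try:
        ipaddress.ip_address(host)
        warnings.append("raw IP address instead of a domain")
    except ValueError:
        pass  # not an IP literal, which is the normal case
    try:
        host.encode("ascii")
    except UnicodeEncodeError:
        warnings.append("non-ASCII host (possible homograph)")
    if host.startswith("xn--") or ".xn--" in host:
        warnings.append("punycode host (possible homograph)")
    if not any(host_matches(host, d) for d in legit_domains):
        warnings.append(f"host {host!r} is not {' or '.join(legit_domains)}")
    return {"host": host, "https": scheme == "https", "warnings": warnings}


if __name__ == "__main__":
    # Constructed sample links: one genuine-looking subdomain, one look-alike.
    for link in ("https://online.lloydsbank.com/personal/login",
                 "http://lloydsbank.com.secure-update.example/login"):
        print(link, "->", check_link(link)["warnings"] or "OK")
```

Note that a padlock or https only proves the connection is encrypted, not who runs the site, so the host check is the one that actually separates the real portal from a replica.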