December 13, 2004

Halifax targeted by phishing scam

by brian_turner

Halifax Internet Banking has become the latest target in a range of phishing and trojan attacks aimed at British banks. In a mass e-mail sent at 7am GMT, the e-mail contains a link to a site that fraudulently tries to trick the surfer into thinking they are on a valid Halifax internet banking website – and records their otherwise secret internet banking login details. The site also has a trojan embedded in the page, for stealing further user password information for other sites the surfer may use that require a personal login.

Like most phishing e-mails, the user is not addressed by their customer name. However, as phishing are aimed at general users, although the more web-savvy surfer may be able to spot the phishing attack, there is bound to be a wide consumer base very vulnerable to phishing as a method for fraud.

It remains a glaring point of note that no bank I am a member of has ever issued a letter to me, warning of the dangers of phishing, and how to recognise an authenticate e-mail from the bank.

So long as the majority of banking customers have no idea what a phishing e-mail is or looks like, and so long as the major banks avoid addressing the issue openly with their customers, then this can only encourage further phishing attacks until finally addressed.

Although some banks do have warnings on their websites – for example, Halifax now has a warning graphic on their main page, and Barclays has small warning text at the foot of their home page – some banks don’t even mention the issue on their homepages – for example HSBC, Nationwide, and Yorkshire Bank. It appears that high street banks do not offer warnings on phishing dangers – until *after* they have been explictly targeted. Even then, as with the Barclays site, warnings are not very apparent. This is not enough

The problem is that the required warnings are not prominent enough, where used at all. What is required is a more concerted consumer awareness program to alert customers about the dangers of phishing. In my opinion, this can only comes from a letter from the bank itself, warning of the issue to internet banking customers.

This is a graphic of the e-mails ent out this morning:

halifax phishing attack

EDIT: The following day I received a phishing attack from Barclays -here’s an image of it. Note that the e-mail is not personalised – a clear indicator of phishing.

halifax phishing attack

Discuss this in the Internet Business forums

Story link: Halifax targeted by phishing scam


Leave a Reply


Previous: «
Next: »

Visited 11734 times, 2 so far today

Posted in: Internet