Lloyds Bank Phishing Campaign Identified

A Lloyds Bank phishing scam has been uncovered that involved the UK bank’s customers being targeted before the Christmas period.

The emails sent were very realistic email, appearing as though sent from Lloyds Banking Group. Christmas is a time when people let their guard down. Its busy at work, there is much to be completed, and minds are invariably on Turkey, holidays, and rushing to get last minute preparations finished.

The email appear authentic as it includes the exact same font, logo, and styling that are used on the real online banking portal, making the campaign one of the most believable online banking phishing scams we have witnessed.

The phishing scam is very straightforward. It is short and to the point, and has been designed to scare users into clicking on the link and signing into their account to review their bank balance.

All that the email says, is “You have One New Message. Your account has been logged onto in a few different locations. Click below to update your Lloyds Bank Account, with a hyperlink using the anchor text “Sign In.” There are no spelling errors or grammatical wrongs to warn users that the email is anything but authentic.

IJust clicking the sign in link is unlikely to lead to suspicion. The link will take browsers to a website containing an exact copy of the Lloyds Bank portal that customers will be very familiar with. All of the text is genuine, and the website features apparently clickable links in all the correct places. It is an almost exact replica of the real website.

Only if a user opts to click on any of the links will they realize something is not quite right. The hackers have only taken an image of the real site. They have not attempted to make any of the links properly clickable.

But then again, after the recipient of the email has been given a warning telling them their account is in danger, they are unlikely to suddenly decide to check the latest mortgage rates or take out a loan.

The only section of the website that works is the section where users are asked to enter their user ID, password, and memorable word. Once the details have been entered, the victim will be sent to Lloyds. That may lead to suspicion when their login attempt did not work, but the cyber criminals hope that few will bother to change their password when they realize their account has not been impacted.

The hackers are likely to act promptly. Once they have a User ID, password, and memorable word, they have the basic detaiks necessary to access the account. That information may be sufficient to obtain access to the account and make a fraudulent transfer. If not, it will be used as the basis for another spear phishing email to try and get the answer to a security question. If the victim fell for the first campaign, chances are they will fall for a different one. Another giveaway is that the URL is not lloydsbank.com.

The scam emphasises the importance of reviewing the URL before entering any login details and checking to make sure the site address starts with https://. This site is clearly not real and has no green padlock, indicating something is wrong to anyone even casually checking the web address. However, not every single online banking customer will do that when the website appears to be realistic.

Link copied to clipboard
Photo of author

Posted by

Elizabeth Hernandez

Elizabeth Hernandez is a news writer on Defensorum. Elizabeth is an experienced journalist who has worked on many publications for several years. Elizabeth writers about compliance and the related areas of IT security breaches. Elizabeth's has a focus data privacy and secure handling of personal information. Elizabeth has a postgraduate degree in journalism. Elizabeth Hernandez is the editor of HIPAAZone. https://twitter.com/ElizabethHzone