Clydesdale Bank is one of the UK’s smaller banks and I don’t frequently see phishing attempts against it, but the evil scum who do perform these phishing attacks will try any and every bank they can find.
The original email looks like this. It will NEVER be a genuine email from PayPal or your bank, so don’t ever follow the links or fill in the HTML (webpage) form that comes attached to the email.
Date: Fri 08/07/2016 06:37
Subject: New Message (Security Updates Notification)
Attachment: None, links in body of email
Dear Clydesdale customer, During our regularly scheduled account maintenance and verification procedures, we detected a slight error in your account information. This might be due to either of the following reasons: 1. A recent change in your personal information ( i.e.change of address). 2. Submiting invalid information during the initial sign up process.
Due to this, we require you to confirm and verify your account information by: Click here If your account information is not confirmed and verified within a certain period of time then your ability to access your account would become restricted. Thank you Clydesdale is covered by the Financial Services Compensation Scheme (FSCS)
The link in this case goes to http://cbonlin.org.uk/raluV9/login-ctl/ whereas the genuine bank log in page for forgotten log in details is https://home1.cbonline.co.uk/raluV8/reglm-web/register.ctl?begin=telephoneBankingIdentification
Note the missing E on the phishing link, which many users would not realise is missing.
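The one-letter difference described above can be checked mechanically before anyone clicks. The following is an added example, not part of the original post: it classifies a link against the genuine domain quoted above. The function names, the verdict strings, the distance threshold of 2 and the TRUSTED_DOMAINS list are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumption for this example: the genuine domain, taken from the genuine
# log in URL quoted in the post.
TRUSTED_DOMAINS = ("cbonline.co.uk",)


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: insert, delete and substitute each cost 1."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # delete from a
                           cur[j - 1] + 1,              # insert into a
                           prev[j - 1] + (ca != cb)))   # substitute
        prev = cur
    return prev[-1]


def classify_link(url: str, max_distance: int = 2) -> str:
    """Return 'trusted', 'insecure', 'lookalike' or 'unrelated'."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    for domain in TRUSTED_DOMAINS:
        # Exact match or a true subdomain such as home1.cbonline.co.uk.
        if host == domain or host.endswith("." + domain):
            # Right domain, but a log in page must still arrive over HTTPS.
            return "trusted" if parts.scheme == "https" else "insecure"
    for domain in TRUSTED_DOMAINS:
        brand = domain.split(".")[0]  # 'cbonline'
        for label in host.split("."):
            # Catches a dropped letter (cbonlin) and the brand name reused
            # as a label under somebody else's domain.
            if brand in label or edit_distance(label, brand) <= max_distance:
                return "lookalike"
    return "unrelated"


if __name__ == "__main__":
    for link in ("http://cbonlin.org.uk/raluV9/login-ctl/",
                 "https://home1.cbonline.co.uk/raluV8/reglm-web/register.ctl"):
        print(classify_link(link), link)
```
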
Update: the hosting company one.com took down the phishing site that was put up with the sole intention of fraud, within 30 minutes of being notified. I wish all hosting companies were so quick and efficient in removing fraud, scams & phishing.
The phishing page looks like:
This is a typical phishing page that looks very similar to a genuine Clydesdale Bank lost or forgotten account details page, if you don’t look very carefully at the URL in the browser address bar.
The genuine page looks like this, where the obvious difference is the green address bar showing a secure site, which does not appear on the phishing page (with Internet Explorer). Unfortunately this is a case where using Firefox or Chrome puts you at higher risk, because all they show is part of the address bar in green, and if you have less than perfect eyesight or a less than perfect screen, you won’t notice the green at all.
This is the same site in Chrome, where the green URL bar is much harder to see.
And this one is Firefox, where it is even harder to see.
This one wants your personal details, your account log in details and your credit card and bank details. Many of them are also designed to specifically steal your email, Facebook and other social network log in details.
Please read our How to protect yourselves page for simple, sensible advice on how to avoid being infected by this sort of socially engineered malware.
All of these emails use social engineering tricks to persuade you to open the attachments that come with the email or click the link in the email. It might be a message saying “look at this picture of me I took last night” that appears to come from a friend, or something more targeted at somebody who is likely to regularly receive PDF attachments, Word .doc attachments or any other common file that you use every day. Or it might be a straightforward attempt, like this one, to steal your personal, bank, credit card or email and social networking log in details. Be very careful when unzipping attachments and make sure you have “show known file extensions” enabled, then look carefully at the unzipped file. If it says .EXE then it is a problem and should not be run or opened.