Phishing attempts that impersonate PayPal, your bank or your credit card company use a few common subjects, with a message saying something like:
- We’re improving your current account
- UPDATE NOTIFICATION.
- There have been unauthorised or suspicious attempts to log in to your account, please verify
- Your account has exceeded its limit and needs to be verified
- Your account will be suspended!
- You have received a secure message from <your bank>
- New Secure Message
- We are unable to verify your account information
- Update Personal Information
- Urgent Account Review Notification
- We recently noticed one or more attempts to log in to your PayPal account from a foreign IP address
- Confirmation of Order
Today’s example is an email received with a subject of UPDATE NOTIFICATION pretending to come from Lloyds plc <firstname.lastname@example.org>. Mobile apps and mobile banking are the new big thing and banks are encouraging users to use mobile banking, so we get used to seeing these sorts of emails and just don’t bother to read them properly. We either ignore them completely because we are just not interested in mobile banking, or we get so fed up with the reminders that we blindly click.
This one only wants your personal bank login details in order to steal all your money. Many of them are also designed specifically to steal your email, Facebook and other social network login details.
Please read our How to protect yourselves page for simple, sensible advice on how to avoid being infected by this sort of socially engineered malware.
The original email looks like this. It will NEVER be a genuine email from your bank or any other financial body, so don’t ever follow the link or fill in the HTML (webpage) form that comes attached to the email.
Dear Valued Customer,
The update to our mobile banking app for iPhone and Android users is coming this summer.
We’ve made some big improvements, so it’s easier and quicker to use – with enhanced security. You’ll need an up-to-date phone number so you can complete device registration the first time you use it.
Please ensure your phone numbers are up to date today by checking your details now.
CHECK MY DETAILS NOW
Lloyds Bank plc
Lloyds Bank plc is authorised by the Prudential Regulation Authority and regulated by the Financial Conduct Authority and the Prudential Regulation Authority under registration number 119278. Authorisation can be checked on the Financial Services Register at www.fca.org.uk. Lloyds Bank plc is a member of the Financial Services Compensation Scheme and the Financial Ombudsman Service. We subscribe to the Lending Code; copies of the Code can be obtained from www.lendingstandardsboard.org.uk.
Lloyds Bank plc Registered Office: 25 Gresham Street, London EC2V 7HN. Registered in England and Wales No. 2065.
If you are unwise enough to follow the link, which goes to http://toxicwingsli.com/op.htm and then redirects you to http://joelcomm.net/wp-content/l10yds/1e9644d8cb4d7dc77c5770ae1b84b3fa/, you see a webpage looking very like the genuine Lloyds login page. Look carefully at the URL in the top bar and you can see it isn’t Lloyds at all but a fake site.
If you still haven’t realised that it is a phishing attempt and give them your username and password, you will be sent to the next page, which asks for your memorable information. You then get bounced on to the genuine Lloyds Bank site.
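The "look carefully at the URL" check can be automated for a mail filter or a triage script. The following is an added example, not part of the original article: it tests each hop of the redirect chain quoted above against the bank's real domain and also catches the digit-for-letter disguise ("l10yds") in the path. The trusted domain lloydsbank.com, the function names and the two comparison URLs are assumptions made for the illustration.

```python
from urllib.parse import urlsplit

# Assumption: the bank's real domain, supplied by the analyst (not from the page).
TRUSTED_DOMAINS = {"lloyds": ("lloydsbank.com",)}

# Undo common digit-for-letter swaps so "l10yds" compares equal to "lloyds".
LOOKALIKE = str.maketrans("013457", "oleast")


def is_trusted_host(host, domains):
    """True only for the domain itself or a subdomain of it."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)


def check_link(url, brand):
    """Return findings for one link in an email that claims to be from `brand`."""
    parts = urlsplit(url)
    host = parts.hostname or ""
    if is_trusted_host(host, TRUSTED_DOMAINS[brand]):
        return []
    findings = [f"host {host} does not belong to {brand}"]
    text = (host + parts.path).lower()
    if brand in text:
        findings.append(f"'{brand}' used in the URL of an unrelated host")
    elif brand in text.translate(LOOKALIKE):
        findings.append(f"disguised '{brand}' in the URL of an unrelated host")
    if parts.scheme != "https":
        findings.append("link not served over HTTPS")
    return findings


def check_chain(urls, brand):
    """Check every hop of a redirect chain; maps each flagged URL to its findings."""
    return {u: f for u in urls if (f := check_link(u, brand))}


# The two hops quoted in the article, plus two constructed comparison URLs.
CHAIN = [
    "http://toxicwingsli.com/op.htm",
    "http://joelcomm.net/wp-content/l10yds/1e9644d8cb4d7dc77c5770ae1b84b3fa/",
    "https://www.lloydsbank.com/",            # constructed: genuine host
    "https://lloydsbank.com.login.example/",  # constructed: brand as a subdomain label
]

if __name__ == "__main__":
    for url, findings in check_chain(CHAIN, "lloyds").items():
        print(url, "->", "; ".join(findings))
```

The suffix comparison in is_trusted_host is what stops a host such as lloydsbank.com.login.example from passing as the bank: the trusted domain has to be the end of the host name, not just appear somewhere in it.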
All of these emails use social engineering tricks to persuade you to follow the links or open the attachments that come with the email. It might be a message saying “look at this picture of me I took last night” that appears to come from a friend, or something more targeted at somebody who is likely to receive PDF attachments, Word .doc attachments or any other common file that you use every day. Or it might be a straightforward attempt, like this one, to steal your personal, bank, credit card or email and social networking login details. Be very careful when unzipping attachments and make sure you have “show known file extensions” enabled, and then look carefully at the unzipped file. If it says .EXE then it is a problem and should not be run or opened.