There are a few common subjects in a phishing attempt that relate to PayPal, your Bank or Credit Card, with a message saying some thing like :
- We’re improving your current account
- UPDATE NOTIFICATION.
- There have been unauthorised or suspicious attempts to log in to your account, please verify
- Your account has exceeded its limit and needs to be verified
- Your account will be suspended !
- You have received a secure message from < your bank>
- New Secure Message
- We are unable to verify your account information
- Update Personal Information
- Urgent Account Review Notification
- We recently noticed one or more attempts to log in to your PayPal account from a foreign IP address
- Confirmation of Order
- website changes
Today’s example is an email received with a subject of LloydsLink online website changes pretending to come from LloydsLink online <Hugo.Batzold@lloydslink.online.lloydsbank.com> We have been seeing these sort of emails for numerous banks recently. Many banks do change their web designs and features and do send emails to registered users to inform them. We get used to seeing these sort of emails and just don’t bother to read them properly. We either ignore them completely because we are just not interested or we get so fed up with the reminders that we blindly click, just because we are fed up.
This one only wants your personal bank log in details in order to steal all your money. Many of them are also designed to specifically steal your email, facebook and other social network log in details.
Please read our How to protect yourselves page for simple, sensible advice on how to avoid being infected by this sort of socially engineered malware.
The original email looks like this, It will NEVER be a genuine email from Your bank, or any other financial body so don’t ever follow the link or fill in the html ( webpage) form that comes attached to the email.
We would like to announce that the design of our website is going to change in the nearest future. The final changes will be applied on Monday, 18 of January 2016. Until the end of this week you can review the upcoming changes.
While mostly everything will function the same, the look and feel of our website will change.
We understand that this can be an adjustment so we have prepared some frequently asked questions for you to review.
- Will this redesign affect any of my saved bookmarks? Yes, all pages other than www.lloydslink.online.lloydsbank.com/Logon/Logon.xhtml will need to be re-bookmarked as the web address will change.
- Why did the design of the website change? We felt it was time to refresh the look and feel of LloydsLink online. You’ll see this new look across all marketing collateral.
- Does the way I sign into my account change? No, the way you sign into your account will not change. However, we have enhanced our security system to make it more difficult for an unauthorized person to access your account.
- I’m having issues accessing my account. What is the issue? You’ll need to add our site to the Compatibility View List: Click on tools Scroll & click on compatibility view settings Type in our address (www.lloydslink.online.lloydsbank.com/Logon/Logon.xhtml) Click add
Please email all questions or concerns to Hugo Batzold, Marketing & Communication Specialist: Hugo.Batzold@lloydslink.online.lloydsbank.com
If you are unwise enough to follow the link which goes to http://lloydslink-onlinell0ydsbank.com/logon/ Which is a very plausible LLoyds bank web address and can easily be confused. Note the 0 instead of the o in the second Lloyds. you see a webpage looking identical to the genuine Lloydslink log in page, look carefully at the url in the top bar and you can see it isn’t Lloyds at all but a fake site :
If you still haven’t realised that it is a phishing attempt and give them your username & password, you will then get bounced on to the genuine Lloyds Bank site https://lloydslink.online.lloydsbank.com/Logon/Logon.xhtml and think that you just didn’t enter details correctly or mistyped a digit and need to re-enter them and won’t even pay any attention, until you get the dreaded letter or phone call saying someone has emptied your bank account
All of these emails use Social engineering tricks to persuade you to follow the links or open the attachments that come with the email. Whether it is a message saying “look at this picture of me I took last night” and it appears to come from a friend or is more targeted at somebody who regularly is likely to receive PDF attachments or Word .doc attachments or any other common file that you use every day. Or whether it is a straight forward attempt, like this one, to steal your personal, bank, credit card or email and social networking log in details. Be very careful when unzipping them and make sure you have “show known file extensions enabled“, And then look carefully at the unzipped file. If it says .EXE then it is a problem and should not be run or opened.