Customers of Lloyds Bank are being targeted by a phishing scam that is currently hitting email and text message inboxes.
Legal firm Griffin Law has alerted people to the scam after being made aware of about 100 people who have received the messages.
The email, which looks like official Lloyds Bank correspondence, warns customers that their bank account has been compromised. It reads: “Your Account Banking has been disabled, due to recent activities on your account, we placed a temporary suspension untill [sic] you verify your account.”
Recipients are then directed to a fraudulent site called Lloyds[Dot]bank[Dot]unusual-login[Dot]com, where log-in details are requested, including passwords, account information and security codes, as well as other personal data.
Griffin Law has also identified an SMS version of the scam in circulation, with people receiving a text that reads: “ALERT FROM LLOYDS: New device attempted to set up a payee to XXX. If this was NOT you, visit: Lloyds[Dot]bank[Dot]unusual-login[Dot]com.”
Responding to a customer on Twitter, Lloyds Bank said: “This isn’t a genuine message from us; it’s a scam. If possible, could you please forward this email or text message to us at: firstname.lastname@example.org.”
Donal Blaney, principal at Griffin Law, called on banks and the police to do more to protect vulnerable members of the public from such scams. “They have the money to do so. Why aren’t they doing more?” he said.
Chris Ross, a cyber security expert at Barracuda Networks, said: “Hackers often hijack the branding of legitimate companies in order to steal confidential financial data from unsuspecting victims.
“Phishing attacks like this pose a huge risk both to individuals and the companies they work for, especially if hackers gain access to a business bank account. Tackling this problem requires robust policies and procedures as well as the latest email security systems in place to identify and block these scams before they reach the inbox.”
Protecting yourself from phishing attacks is, as ever, a relatively simple matter. Users should be encouraged to: check senders’ email addresses and be alert to misspellings of brand or domain names; never supply login credentials or personal information in response to an email; use two-factor authentication to verify changes made to accounts; verify irreversible transactions, such as money transfers, via a means other than email; monitor financial accounts; and keep software and systems up to date.
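The first check in that list can be automated for reported messages. The following is an added example, not code from the article, Griffin Law or Lloyds Bank: it refangs the reported address and compares its registrable domain, rather than its leftmost labels, against an allow-list. The trusted domains, the brand token and the small suffix set are assumptions constructed for illustration.

```python
import re

# Assumption: registrable domains the brand really uses (not stated in the article).
TRUSTED = {"lloydsbank.com", "lloydsbank.co.uk"}
# Assumption: brand strings worth flagging when seen outside a trusted domain.
BRAND_TOKENS = {"lloyds"}
# Constructed stand-in for the Public Suffix List; use the full list in production.
MULTI_LABEL_SUFFIXES = {"co.uk", "org.uk", "com.au"}


def refang(text):
    """Turn defanged notation such as example[Dot]com back into example.com."""
    return re.sub(r"\[\s*dot\s*\]|\(\s*dot\s*\)|\[\.\]", ".", text, flags=re.I)


def hostname(url):
    """Extract the lower-cased host from a URL or a bare host string."""
    host = re.sub(r"^[a-z][a-z0-9+.-]*://", "", refang(url).strip(), flags=re.I)
    host = re.split(r"[/?#]", host, maxsplit=1)[0]  # drop path, query, fragment
    host = host.rsplit("@", 1)[-1]                  # drop userinfo before the host
    host = host.split(":", 1)[0]                    # drop port
    return host.rstrip(".").lower()


def registrable_domain(host):
    """Return the part of the host that someone actually had to register."""
    labels = host.split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def classify(url):
    """'trusted', 'brand-lookalike' (brand name under a foreign domain) or 'unknown'."""
    host = hostname(url)
    if registrable_domain(host) in TRUSTED:
        return "trusted"
    if any(tok in label for label in host.split(".") for tok in BRAND_TOKENS):
        return "brand-lookalike"
    return "unknown"


if __name__ == "__main__":
    # First entry is the address quoted in the article; the rest are constructed.
    for sample in ("Lloyds[Dot]bank[Dot]unusual-login[Dot]com",
                   "https://www.lloydsbank.com/login",
                   "online.lloydsbank.co.uk",
                   "example.org"):
        print(f"{sample:45} {registrable_domain(hostname(sample)):20} {classify(sample)}")
```

The address in the scam messages resolves to the registrable domain unusual-login.com; the "Lloyds" and "bank" labels are subdomains that the owner of that domain can set to anything.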