Free Newsletter
Register for our Free Newsletters
Newsletter
Zones
Access Control
LeftNav
Alarms
LeftNav
Biometrics
LeftNav
Detection
LeftNav
Deutsche Zone (German Zone)
LeftNav
Education, Training and Professional Services
LeftNav
Government Programmes
LeftNav
Guarding, Equipment and Enforcement
LeftNav
Industrial Computing Security
LeftNav
IT Security
LeftNav
Physical Security
LeftNav
Surveillance
LeftNav
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
 
News

Lloyds TSB clients targeted in phishing campaign

BitDefender UK : 26 June, 2009  (Technical Article)
BitDefender is warning UK online banking users to be wary of spate of phishing e-mails designed to gain password and user ID information from Lloyds TSB customers
A fraudulent scheme targeting the online credentials of Lloyds TSB customers features in the latest E-Threats Landscape Report from BitDefender. The phishing attack features a plain, yet clever unsolicited message instructing 'customers' to follow a link and confirm their account information.

The link does not lead to the e-banking portal, but to a collection of web pages that employ several visual identification components of the original web site, namely the bank logo (a bit blurry and disproportionately resized) and the general formatting elements.

The e-thieves seem to be interested only in the User ID and password, which they harvest via login.php script, and the memorable information, which they lift using login1.php script.

Some elements of the phishing attack are flawed, however. Even though all menu options are available, clicking any of them will return a '404 Page Not Found' message. Moreover, one can easily see that the web page address mimicking the genuine web site, actually loads from a domain registered in Brazil (.br instead of .com).

The usual security elements that you would expect to find on an e-banking site are also missing, namely SSL encryption (Secure Socket Layer) and security authentication methods (no 'https' prefix and locked padlock).
Bookmark and Share
 
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
 
   © 2012 ProSecurityZone.com
Netgains Logo