Although not strictly web design or web development related, we have heard of a new banking phishing scam that hits new levels of sophistication.
Bristolian Helen Martin received an official-looking letter from her bank, Halifax, on 10 April 2017. The letter bore her correct identity and private online username, and the official bank letterhead. It stated that she needed to renew her online permissions by setting a new password.
Something felt wrong, so Ms Martin contacted Halifax.
“I called the Halifax from a number I had previously used rather than the one on the letter and they did a check and confirmed it to be a fake.
They advised me to change my passwords, and take the letter into a branch.”
The bank confirmed it had issued no such letter, and Ms Martin was the target of a phishing scam. Had Ms Martin not checked with her bank, she could have lost everything. She says she was left feeling annoyed and worried: “that others might just log in with the letter details without checking and be compromised, a bit stressed that as they had my user name they may have obtained other personal details/card details.”
Here is some advice from Halifax on spotting a phishing scam:
- We always greet you by title and surname, as in “Dear Mrs Smith”. We also always include your partial postcode.
- We never ask you to confirm personal or financial info in an email.
- We do not scare you with urgent warning messages and we never use email to warn you of suspicious activity on your account.
- Scam emails often look odd, with a messy layout and spelling mistakes.
- All genuine emails come from halifax.co.uk. There should never be another word in between halifax and .co.uk. (firstname.lastname@example.org is correct but email@example.com is wrong). If you share a suspicious email with our email scams mailbox, the automatic reply may come from lloydsbanking.com.
- We never link directly to our Online Banking sign in page, or a page that asks for security or personal details.
- We never ask you to carry out a test payment or move money to a new sort code and account number, even if it’s described as a “secure”, “safe” or “holding” account.
- We never ask you to confirm personal or financial information.
- We never ask you to confirm personal or financial info.
- We never link to our Online Banking sign in page, or a page that asks for security or personal details.
- We never ask you to carry out a test payment online.
- We never ask you to move money to a new sort code and account number, even if it’s described as a “secure”, “safe” or “holding” account.
Received a suspicious email or text message?
If you receive an email or text message that looks like it’s from Halifax but makes you suspicious, forward the email or send a screenshot of the text message to firstname.lastname@example.org. Here is a link to their online banking security page: Suspicious emails and text messages
Stay safe out there, people. If in doubt, report it.
See our earlier blog post on spotting fake PayPal emails.
Other scams we have heard of recently are phone calls that claim to be from Microsoft, saying that your computer is sending private information. Also, there are a lot of spam emails threatening to go public with your personal search history or webcam video. All of this is nonsense.
Link to original article from The Canary: Have you received this letter from the bank? – it could be a very sophisticated scam