spoof LloydsTSB email doing the rounds

please confirm your details...

yes right.

Reply to
In400metreskeepright
Loading thread data ...

I'm surprised you haven't had one before, and also from other pseudo companies. They seem to be part of the scenery nowadays.

What I find odd is that warnings that are given regarding visiting these sites do not tell you to look at the URL in the address bar. If it's not a genuine site the URL will look unusual, suspicious, and probably from another country. Never will it look like, e.g. LloydsTSB.com.

Rob Graham

Reply to
Robin Graham

It's easier just to tell people not to click on links in emails. If you tell them to examine the URL they need to know exacty what their looking for - a dodgy URL could easily include lloydstsb.com eg

formatting link

Reply to
Andy Pandy

I've had them from many other banks but this is the first I've seen from LLoydsTSB.

Reply to
In400metreskeepright

Sure, but then there's the giveaway at the end.

Rob

Reply to
Rob Graham

They clutter my mailbox.

Kaspersky monitors incoming mail for known "phishing" sites and flags them, as well as reporting Trojan content before downloading.

A fair proportion of the pseudo banking emails have payloads... Click on any "links" if you want infecting. :-(

Reply to
Gordon H

In message , Robin Graham wrote

A lot of credit card "security" pages look like Phishing sites with a URL containing a sting of random characters.

Reply to
Alan

I get a lot of Lloyds TSB ones. I guess this is because they don't have two factor authentication like some of the other banks, so it is easier to break in to.

Reply to
Jonathan Bryce

I have a User ID, Password and then 3 factor entry. for my LloydsTSB

Reply to
In400metreskeepright

"In400metreskeepright" wrote

1 : Something(s) you *know* (eg security details), 2 : Something(s) you *have* (eg a dongle producing a number), 3 : what is the third type for your LloydsTSB?
Reply to
Tim

No, that is one factor - what you know.

Other banks have a hand-held chip & pin device or sms verification which checks a second factor - what you have. To take money out of these accounts, you need to know something - the User ID, password and secret answers, and have something - a chip & pin card, or a mobile phone tied to a particular phone number.

Reply to
Jonathan Bryce

To someone who knows what they're looking for. To someone who doesn't understand the formats of URLs it could look genuine.

It's easier to advice people not to click on links in emails than to describe what a genuine URL should look like.

Reply to
Andy Pandy

It may be easier, but is it effective? After all, it's easier to tell kids not to cross the road than to teach them the Green Cross Code.

Reply to
Ronald Raygun

My best advice (which no one else ever gives) is:

Try the site out first with bogus login info and if the page says "thank you" then you know it's a scam.

(though I accept there are other reasons for not clicking the link)

tim

Reply to
tim....

With respect, that is bad advice and the best advice is to not even click on the email in the first place!

Or opening the email at all.

Reply to
Yellow

No bank is going to send you such an email. Just dump the stuff. Keep the preview pane closed at all times.!!!!

Never assume that a communication from a bank or BS is genuine. ASk how you are to verify who they are. They may ask you to verify by phoning the number on the reverse of a CC, or other number you can obtain independently. If they ask you to verify your details, don't tell them anything, but ask them to verify their details. Try not to be a mug

GPG

Reply to
GPG

Apparently some of these are done in real time - ie either someone is sat waiting for login details to be entered and then immediately enters it onto the real website or they could use an application to take the login details and enter them on the bank's real website, analyse the response, and provide the appropriate response to the victim. I've written asp.net applications to take input from a user, enter them on a different website, analyse the reply and send the user an appropriate response, so I wouldn't rely on that.

Reply to
Andy Pandy

I've just got one pretending to be BT. WTF would anyone want BT account login details - surely all you'd be able to do is see bills, change payment method, sign up for new services etc.

Reply to
Andy Pandy

In message , Andy Pandy writes

...Get a list of every phone number you call; print off a bill, which could be used as a contribution to stealing your I/D...

Reply to
Gordon H

Which would be useful for?

Possibly, but I thought bills printed off the web weren't usually acceptable as proof of ID, and as you say it wouldn't be enough on its own.

Reply to
Andy Pandy

BeanSmart website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.