New banking phishing scam by letter for Halifax bank customer details

Home » Internet security » New banking phishing scam by letter for Halifax bank customer details

Although not strictly web design or web development related, we have heard of a new banking phishing scam that hits new levels of sophistication.

Bristolian Helen Martin received an official-looking letter from her bank Halifax on 10 April 2017. The letter bore her correct identity and private online username, and the official bank letter-head. It stated that she needed to renew her online permissions by setting a new password.

Something felt wrong, so Ms Martin contacted Halifax.

I called the Halifax from a number I had previously used rather than the one on the letter and they did a check and confirmed it to be a fake.

They advised me to change my passwords, and take the letter into a branch.

The bank confirmed it had issued no such letter, and Ms Martin was the target of a phishing scam. Had Ms Martin not checked with her bank, she could have lost everything. She says she was left feeling annoyed and worried: “that others might just log in with the letter details without checking and be compromised, a bit stressed that as they had my user name they may have obtained other personal details/card details.”

Halifax phishing scam

Here is some advice from Halifax on spotting a phishing scam:

Emails:Halifax fake email

  • We always greet you by title and surname, as in “Dear Mrs Smith”. We also always include your partial postcode.
  • We never ask you to confirm personal or financial info in an email.
  • We do not scare you with urgent warning messages and we never use email to warn you of suspicious activity on your account.
  • Scam emails often look odd, with a messy layout and spelling mistakes.
  • All genuine emails come from halifax.co.uk. There should never be another word in between halifax and .co.uk. (name@mail.halifax.co.uk is correct but name@halifax.mail.co.uk is wrong). If you share a suspicious email with our email scams mailbox, the automatic reply may come from lloydsbanking.com.
  • We never link directly to our Online Banking sign in page, or a page that asks for security or personal details.
  • We never ask you to carry out a test payment Halifax or move money to a new sort code and account number, even if it’s described as a “secure”, “safe” or ”holding” account.

Texts:Halifax fake text

  • We never ask you to confirm personal or financial information.
  • We never ask you to confirm personal or financial info.
  • We never link to our Online Banking sign in page, or a page that asks for security or personal details.
  • We never ask you to carry out a test payment online.
  • We never ask you to move money to a new sort code and account number, even if it’s described as a “secure”, “safe” or ”holding” account.

Received a suspicious email or text message?

If you receive an email or text message that looks like it’s from Halifax but makes you suspicious, forward the email or send a screenshot of the text message to security@halifax.co.uk. Here is a link to their online banking security page: Suspicious emails and text messages

Stay safe out there people. If in doubt report it.

[wp_ad_camp_1]

See our earlier blog post on spotting fake paypal emails.

Link to original article from The Canary:

Have you received this letter from your bank? You could be the target of the latest phishing scam [IMAGE]

Please follow and like us:
Posted on