Banking giant Lloyds has warned customers of a ‘sophisticated’ and targeted phishing scam using its likeness.
The campaign is currently in circulation and an estimated 100 people have already reported receiving the fake email and text communications.
The recipient initially receives a convincing message from the bank warning them that their bank account has been compromised.
The email, which includes spelling errors and, in some cases, Chinese characters, carries the subject header: “Alert: Document Report – We noted about security maintenance”.
It goes on to say: “Your Account Banking has been disabled, due to recent activities on your account, we placed a temporary suspension untill [sic] you verify your account”.
Victims are then directed to a fraudulent site called Lloyds[Dot]bank[Dot]unusual-login[Dot]com, which requests log-in details, including passwords, account information, security codes and other personal data.
A research team at Griffin Law, which regularly liaises with dozens of accountancy and financial firms across the UK, also identified an SMS version of the scam in circulation. Some users also reported a text saying “ALERT FROM LLOYDS: New device attempted to set up a payee to XXX. If this was NOT you, visit: Lloyds[Dot]bank[Dot]unusual-login[Dot]com.”
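The hostname in both lures puts the bank's name in the subdomain labels while the domain actually registered is unusual-login[Dot]com. The Python sketch below is an added example, not code from Lloyds, Griffin Law or the article, and shows how a mail or SMS filter could flag that pattern; the brand keyword, the allowlisted domains and the short suffix list standing in for the Public Suffix List are assumptions.

```python
import re
from urllib.parse import urlsplit

# Assumptions (not from the article): brand keyword -> domains treated as genuine,
# and a tiny stand-in for the Public Suffix List.
BRANDS = {"lloyds": {"lloydsbank.com", "lloydsbank.co.uk"}}
MULTI_LABEL_SUFFIXES = {"co.uk", "org.uk", "gov.uk", "ac.uk"}

# The SMS text as quoted in the article, with its defanged link.
SAMPLE_SMS = ("ALERT FROM LLOYDS: New device attempted to set up a payee to XXX. "
              "If this was NOT you, visit: Lloyds[Dot]bank[Dot]unusual-login[Dot]com.")

_DEFANG = re.compile(r"\[\s*(?:dot|\.)\s*\]", re.IGNORECASE)
_URL = re.compile(r"(?:https?://)?(?:[a-z0-9-]+\.)+[a-z]{2,}(?:/\S*)?", re.IGNORECASE)

def registrable_domain(host):
    """Return the part of the hostname that was actually registered."""
    labels = host.lower().rstrip(".").split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])

def extract_hosts(message):
    """Undo [Dot]/[.] defanging and pull hostnames out of free text."""
    hosts = []
    for match in _URL.finditer(_DEFANG.sub(".", message)):
        url = match.group(0)
        if "://" not in url:
            url = "http://" + url  # urlsplit needs a scheme to find the host
        host = urlsplit(url).hostname
        if host:
            hosts.append(host)
    return hosts

def scan(message):
    """List (host, registrable domain, brand) for brand names on foreign domains."""
    findings = []
    for host in extract_hosts(message):
        registered = registrable_domain(host)
        for brand, genuine in BRANDS.items():
            # Substring match only; homoglyph and typo variants are out of scope.
            if registered not in genuine and any(brand in l for l in host.split(".")):
                findings.append((host, registered, brand))
    return findings

if __name__ == "__main__":
    for host, registered, brand in scan(SAMPLE_SMS):
        print(f"{host}: mentions '{brand}' but is registered under {registered}")
```
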
Lloyds confirmed the scam in a post on Twitter. In response to a customer query, the bank said: “This isn’t a genuine message from us; it’s a scam. If possible, could you please forward this email or text message to us at: email@example.com.”
Cyber expert Chris Ross, SVP International, Barracuda Networks, commented: “Hackers often hijack the branding of legitimate companies in order to steal confidential financial data from unsuspecting victims.
“These scams can be very convincing, making use of official logos, wording, and personalised details to lull the individual into a false sense of security.
“In most cases, the victim will be directed to a fraudulent but realistic-looking website, where they are urged to enter account details, passwords, security codes and PIN numbers.
“Phishing attacks like this pose a huge risk both to individuals and the companies they work for, especially if hackers gain access to a business bank account.
“Tackling this problem requires robust policies and procedures as well as the latest email security systems in place to identify and block these scams before they reach the inbox.”
The Lloyds scam is another in a long line of recent attacks by scammers looking to steal information from unsuspecting users.
Every major organisation falls victim to these kinds of scams, as well as individuals and world governments, but cybercriminals are becoming more sophisticated in the ways that they target victims.
In June, HMRC announced that fraudsters were using realistic text messages to scam workers through an income support scheme to steal information and money.
The scammers were using the Covid-19 crisis to target self-employed workers through the Self-Employment Income Support Scheme, offering them a tax rebate.
The Covid-19 pandemic has proven to be lucrative for cybercriminals, with research conducted by Check Point in May revealing a 30% increase in coronavirus-related cyber-attacks, a number which has likely increased as the pandemic continues.
Cybersecurity expert Jordan Schroeder, CISO at HEFESTIS, commented: “It is always concerning when a scam impacts you personally, and the results can be devastating when scammers are targeting your bank account. It is important to remember that criminals are constantly targeting whatever they can as often as they can to see how much they can get. It is very personal to you, but the phishing email you get is but one of a million to the scammer.
“Scammers have all the time in the world to practice their craft and to find new ways to avoid detection and to get clever about how to get people to fall for their scams.
“Every couple of months we see major shifts in their techniques as they discover new ways of working. That leaves all of us in a situation where we are limited in our ability to be pro-active to prevent these threats.
“Phishing is a scenario where the criminals will always be in the lead.”