you're reading...
Security News

New phishing scam email uses Lloyds TSB Bank online portal

I received an email today with an obvious phishing scam using a fake Lloyds TSB online banking webpage.

Phishing is the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication.

This type of attack is well known and will deceive users in revealing confidential information. Credit card numbers, home address, date of birth, PIN numbers, security codes are just some of the information that is taken in a phishing attack. Hackers use this information to perform credit card fraud and identity theft.

How do you know if you are being defrauded by a phishing attack? There are several things to look for which I will outline here, plus I will show screenshots of the phishing attempt to my hotmail account so you can see a good example.

“I have the latest anti-spam filters on my computer but I still get these type of emails…how do I stop these from coming to my inbox?”

Hackers often embed the link to the fraudulent website by embedding links in jpeg images which are more difficult to prevent with anti-spam filters.

“I don´t have an account with Lloyds TSB, how did they get my email?”

You would be surprised how easy it is to find your email on the internet. All it takes is a scan of social networking sites to gather email addresses of users in a spam campaign.  Limit your digital footprint on the internet by not disclosing your personal email address on sites such as Facebook, LinkedIn or Twitter.

Hackers use several techniques to deceive the user into going to the website in the first place, which is essentially a social engineering attack conducted by email.   Normally the email will indicate that you need to enter your details into the online banking website or your account will be deactivated, or that someone has attempted to access your account online and you need to reset your password. This is a simple manipulation technique using the fear of loss, which is often used in social engineering.  If the user doesn´t comply in these examples, they are told they will lose access or may have lost money already by someone fraudently accessing the account.

This example is one of many and others include connecting to Amazon, Ebay and Paypal. Basically any online website that requires online authentication is vulnerable.


Screen Capture 1

Here is the screenshot of the email I received which appears to be from Lloyds TSB. Firstly I don´t have an account with this bank so there is zero possibility of clicking on the link to go to the website in the first place, but I decided to click on it to see how this attack has been executed.

The link that is included in the website appears to send you to the Lloyds website…


however the real URL of the link is…


With a simple redirection you are sent to a website that looks like the real Lloyds TSB personal login page.

Screen Capture 2

The page you are directed to is identical to the Lloyds TSB site in appearance. The hacker can use tools to copy the website and host it on another domain. In this case the site is hosted on the domain ontwowheel.com which appears to have been hacked to host the files.  Hackers will also use a domain that appears on first inspection to be the real domain name but some characters have either be changed (sometimes using numbers instead of letters) or added to the domain name.

For example http://www.lloydstsb.co.uk could be changed to —

http://www.loydstsb.co.uk       http://www.lloydstsb-online.co.uk     http://1loydstsb.co.uk

Ok so let´s crack on and go to the next stage and click on the email link –> http://www.lloydstsb.co.uk/lloydsTSB-onlineVERIF&d=spencerscott@hotmail.co.uk&docale=en_BG_uk

In my case I entered a dummy username and password. The first form obviously captures your username and password and then when you go to continue you are sent to a new page that asks you for a lot more information. Check the next screenshot

Screen Capture 3

You can see from this example that the page will then capture your memorable information,Mother´s maiden name, card expiration date, Card Verification Code (the three digit number on the back of your card), date of birth, ATM PIN CODE (!!!!), current available credit, telephone banking PIN number and more.

If you have gone that far you are definitely in for trouble!  This is a smorgasboard of information that can be used against you.  Armed with that information only a hacker could make alterations to your real account by social engineering a telephone banking support person to change your personal details, fake address, or request a new card or PIN number.   These are some basic examples, but it could be the first step for you to get PWNED.

This is a basic example that captures your information, but there are more sophisticated attacks that are being used which have ways of not only extracting your information but also by installing rootkits that enable backdoors into your PC from the outside. An attacker can trick a user to install a java plugin for example that will setup a reverse connection to the attacker. From that point the attacker can run a remote shell to access your computer and then can further steal information by installing keyloggers or viruses for example.

So what can we learn from this to prevent from being deceived by a phishing scam or attack?

First and foremost is awareness. You have to be aware that this attack exists obviously. Here is a list of things to check as best practice when receiving emails from banks or online websites requesting information.


1. Be suspicious of demanding or threatening e-mails. Don’t be intimidated into acting without thinking! A legitimate business should not request personal information from you over an unsecured Web site.

2. When in doubt, call the business customer service number to confirm the status of your account.

3. Do not use telephone numbers found on suspected Web site or email.

4. Be careful regarding downloads, as installing unknown software on your computer can put your personal information at risk and potentially harm your computer’s hard drive. Always make sure the software comes from a legitimate Web site, not an e-mail message.

5. Always type in the URL of the Web page you need. Phishing schemes depend on embedded links that take you to fake sites.

6. Protect information like your login ID, password or Social Security number at all times.

7. Keep your computer up-to-date with anti-virus and firewall programs.

8. Keep updated with the latest security improvements of your software providers.

9. Use common sense, if it feels weird, or too good to be true, it probably is. Don’t be tempted by easy money or cowed by authoritative language

10. Don’t use the internet at all. A Top 9 list just doesn’t have the same impact!



No comments yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: