...making Linux just a little more fun!

Up

Security Alert

On 6/16/06, Halifax Online Banking <security@halifax.co.uk> wrote:
> >
> >
> >
> >
> >
> >
> >  Dear Customer,
> >  Our Technical Service department has recently updated our online banking
> >  software,

[clarjon1] by outsourcing all site to a cheap webhosting so hackers can't find it, at least, that's what they told us,

[Thomas] Well done. You sent that reply back to whomever sent that phishing email initially.

[Jimmy] Um... no. 'halifax.co.uk' is a geniune site, the link 'hidden' in the 'Click here' part goes to http://jefferson.noc11.net/~tennyson/mail/FormsLogin.aspsource=halifax.co.uk/

[Thomas] Not the best thing to do, really.

[Jimmy] No, it's not.

[clarjon1] Agreed. I forgot to check who Gmail was sending it to...

Ah, well.

> > and due to this upgrade we kindly ask you to follow the

real, authentic, genuine faked

> >  link given below to confirm your online account details

so we can make sure that you won't abuse your money by taking it for ourselves.

> > Failure to
> >  confirm the online banking details will

make us sad, so we will hack the real server and

> > suspend you from accessing your
> >  account online.

Well, not really, we're just hoping that it will scare you into doing so. By the way, PLEASE don't look at the status bar when you put your mouse over it!

> >   https://www.halifax-online.co.uk/_mem_bin/formslogin.asp

Meanwhile, the link actually points to http://jefferson.noc11.net/~tennyson/mail/FormsLogin.aspsource=halifax.co.uk/

> >
> >        We use the latest security measures to ensure that your online banking
> >  experience is

unsafe and insecure.

> >The administration asks you to accept our
> >  apologies for the inconvience caused

such as bankrupcy

> >and expresses gratitude for
> >  cooperation,

so that we can make a lot of cash off of you.

> >  Regards,
> >  Halifax Online Technical Support
> >  --
> >  Please do not reply to this email address as it is not monitored

by us, but by the real company

> > and we
> >  will be unable to respond

since we faked the outgoing email address

> >  For assistance, log in to your Halifax Online Bank account and choose
> >  the "Help" link on any page.
> >
> >  (c) Halifax plc, Registered in England No. 2367076. Registered Office:
> >  Trinity Road, Halifax, West Yorkshire HX1 2RG. Authorised and regulated
> >  by the Financial Services Authority. Represents only the Halifax
> >  Financial Services Marketing Group for the purposes of advising on and
> >  selling life assurance

Right... They didn't do quite a good job of passing the "Reading The Address In The Status Bar When You Roll The Mouse Over The Link" test... another scam. heh. Well, rest assured, I'm sending a message to the REAL Halifax.co.uk's email phishing email link.