Lloyds TSB on-line credentials sought by phishers
June 24, 2009
Normal
0
false
false
false
EN-US
X-NONE
X-NONE
MicrosoftInternetExplorer4
st1:*{behavior:url(#ieooui) }
/* Style Definitions */
table.MsoNormalTable
{mso-style-name:”Table Normal”;
mso-tstyle-rowband-size:0;
mso-tstyle-colband-size:0;
mso-style-noshow:yes;
mso-style-priority:99;
mso-style-qformat:yes;
mso-style-parent:””;
mso-padding-alt:0in 5.4pt 0in 5.4pt;
mso-para-margin:0in;
mso-para-margin-bottom:.0001pt;
mso-pagination:widow-orphan;
font-size:11.0pt;
font-family:”Calibri”,”sans-serif”;
mso-ascii-font-family:Calibri;
mso-ascii-theme-font:minor-latin;
mso-fareast-font-family:”Times New Roman”;
mso-fareast-theme-font:minor-fareast;
mso-hansi-font-family:Calibri;
mso-hansi-theme-font:minor-latin;
mso-bidi-font-family:”Times New Roman”;
mso-bidi-theme-font:minor-bidi;}
Lloyds TSB is challenging the Top ten most counterfeit bank
identities described in our latest E-Threats
Landscape Report. This time, with a not so flashy, yet nifty unsolicited
message, that requires customers to follow a link and confirm their account
information, after an alleged attack.
The link does not lead to the e-banking portal, but to a collection
of Web pages that employ several visual identification components of the
original Web site, namely the bank logo (a bit blurry and disproportionately
resized) and the general formatting elements.
The e-thieves seem to be interested only in the User ID and
password, which they pilfer via login.php
script, and the memorable information, which they lift using login1.php script.
Even though all menu options are available, clicking any of
them will return a “404 Page Not Found” message. Moreover, one can
easily see that the Web page address mimicking the genuine Web site loads from
a domain registered in Brazil
(.br instead of .com).
And, as usual, there are no specific security elements, one
could expect to find on an e-banking site, namely SSL encryption (Secure Socket
Layer) and security authentication methods (no “https” prefix and
locked padlock).
tags
Author
I rediscovered "all that technical jazz" with the E-Threat Analysis Team at Bitdefender, the creator of one of the industry's most effective lines of internationally certified security software.
View all postsRight now Top posts
Start Cyber Resilience and Don’t Be an April Fool This Spring and Beyond
April 01, 2024
Spam trends of the week: Cybercrooks phish for QuickBooks, American Express and banking accounts
November 28, 2023
FOLLOW US ON SOCIAL MEDIA
You might also like
Bookmarks
