Outline
Email claiming to be from Halifax Bank announces that 3rd-party intrusions have been detected and the recipient’s account has therefore been limited for security reasons. The recipient is instructed to click a link to confirm his or her identity and verify that the account has not been used fraudulently.
Brief Analysis
The email is not from Halifax. Links in the message open a fake website that contains web forms designed to steal the recipient’s account login details, credit card data and other personal information.
Example
Dear Halifax Bank Customer,
We have detected 3rd-party intrusions in many of our customers account, and because your security is our primary concern, we have limited your account until you confirm your identity and verify that your account has not been used for fraud purposes.
To access our online account validation form and remove the limitations on your account, please click on the following link:
Click here to access the validation form
After you complete our online validation form your account limitations will be removed and you can begin using your account as usual.
Thank you for taking your time,
Halifax Bank Security Office.
Detailed Analysis
According to this message, which purports to be from UK bank, Halifax, third party intrusions have been detected on the recipient’s account and, as a result, the account has been limited for security reasons. Supposedly, to restore access, the account holder must confirm his or her identity and verify that the account has not been used for fraud. The email instructs the recipient to access a “validation form” by clicking a link.
However, the email is not from Halifax bank and the recipient’s account has not been limited as claimed.
Halifax customers who fall for the lies in the scam email and click the link will be taken to a fake website designed to look like the real Halifax site and asked to login:
Next, they will be asked to provide name and contact information:
And, on a final form, they will be asked to provide their card details:
After the final form is completed, victims will be automatically redirected to the genuine Halifax website and, at least until the criminals begin using the stolen information, they may remain unaware that they have just been scammed.
Using the information provided on the fake forms, the scammers can hijack genuine Halifax accounts, lock out their rightful owners and commit banking and credit card fraud.
The bank has published information about Halifax phishing scams, including how to report any that you receive, on its website.
Phishing continues to be one of the most significant online scams. Be very cautious of any unsolicited message that claims that you must click a link or open an attached file to rectify a problem, restore account access, or update account information. To be safe, login to your online accounts by entering the address into your browser’s address bar rather than by clicking a link in an email.
