We'd like to remind Forumites to please avoid political debate on the Forum... Read More »
📨 Have you signed up to the Forum's new Email Digest yet? Get a selection of trending threads sent straight to your inbox daily, weekly or monthly!
Lloyds TSB - Hacking Alert!
Comments
-
If You get any phishing or scam emails about your bank or any other bank even if it is not your bank you should forward it without adding anything to the message, just click forward and send to [EMAIL="reports@banksafeonline.org.uk"]reports@banksafeonline.org.uk[/EMAIL]
They will track the sender and close the address if everyone does it will help to stop this crime.
After forwarding the scam /phishing email delete it do not open it, and do not reply, do not send any response at all or they will pass you address around to other scammers.0 -
Thomas_Crown wrote: »I am quoting part of what the OP posted so everyone can read it again. The OP never mentions his/her SIL receiving an email. Why has everyone jumped to that conclusion?
There was a thread on this site that referred to this type of fake site as a ''middleman scam'' whereby the scammer tries to intercept all info transmitted by the customer to the bank & vice-versa.
It would have been interesting if the OP had updated the thread,
The malware could have arrived in an email as attachment, or a link to a site, or possibly picked up while surfing.
'Man in the Middle' basically routes your connection through a proxy before going to the real site,
So everything you send is also logged at the proxy
was this the link you were referring to?Thomas_Crown wrote: »With some fake sites/attachments it is possible to get rid of them by entering false information but unfortunately this does not work with the fake LTSB site.
That's correct (assuming MitM attack), because you're connected to the real website, but through a proxy0 -
Thanks for posting the link, JayTee99. I was referring to a post made by a Moneysaver, a few months ago. I noticed that your link was to Kaspersky & it is their anti-virus/anti-malware that LTSB recommend.
I am currently using my laptop as I can't use my desktop for internet banking with LTSB because of the fake website. LTSB shut down my online banking for 6 weeks & it is only because I have an alternative computer that I can use it once again. I still need to rid my desk top of the malware/spyware as it's an absolute pain!0 -
Digital certificates reduce this risk somewhat. However, the process of verifying digital certificates itself depends on using the DNS system to look up the certifying authorities, meaning that the same cache poisoning bug can theoretically be used to issue fake SSL certificates.
Not true at all; when EV SSL signing is used, or indeed just a bog-standard SSL certificate, the root CA sign the certificate themselves, verification simply relies on your computer holding the certificate of the root CA in its store, which generally speaking is fairly likely as all reputable Certification Authorities are included in the default windows certificate store, unrecognised certificates will cause a warning, at no point will your computer give implicit trust to a Root CA that's not in your store.0 -
It would have been interesting if the OP had updated the thread,
The malware could have arrived in an email as attachment, or a link to a site, or possibly picked up while surfing.
'Man in the Middle' basically routes your connection through a proxy before going to the real site,
So everything you send is also logged at the proxy
was this the link you were referring to?
That's correct (assuming MitM attack), because you're connected to the real website, but through a proxy
an MitM attack will only work transparently if the site isn't using SSL; if you ensure that you are using SSL on the website and that the certificate is verifying successfully against the root CA signature then you have nothing to worry about.
it's of course not impossible to conduct an MitM attack over SSL, but you won't be able to create a genuine certificate for the site you're proxying and so long as the user doesn't ignore their browser flagging up a huge warning about the site, they won't fall victim, not to mention that an MitM can really only be successfully conducted over a LAN.0 -
Lloyds are very good at reminding users of how to stay safe
You'd have to be a right idiot to fall for any of this stuff.
Or someone who never read anything Lloyds told them when logging on - which amounts to the same thing.0 -
Hi all, be warned the Lloyds TSB email scams are still going, I've just received an email telling me my account was 'Scheduled for Termination' and a link telling me to - click here to modify your account.
The email was from - LloydsTSB (customer@lloydstsb.com) and looked very professional.
Let me tell you I was also very impressed with the set out of the page that wanted my details, but I was already suspicious and read the address of the page itself - Tried to post the link it but it won't let me on here!
I had to warn my hubby as he is also with Lloyds and I know he would have panicked and fell for this!
Is there any formal body I should inform of this, reading Lloyds real website they only ask you to contact them if you've actually been scammed.0 -
You could try forwarding the email to abuse@lloydstsb.com0
-
Scary stuff but that's why I never ever click on a link to take me to any banking website. I always type in the address myself even if the email looks genuine.0
-
Yes, and it's not unique to LTSB - there are millions of phishing emails and they will continue. The same advice, to be vigilent, holds strong.Hi all, be warned the Lloyds TSB email scams are still going, I've just received an email telling me my account was 'Scheduled for Termination' and a link telling me to - click here to modify your account.
The email was from - LloydsTSB (customer@lloydstsb.com) and looked very professional.
No, and it's not worth it - no-one can afford to employ enough staff to even read that amount of emails, let alone act on them. If every spam email received generates an outgoing email to some "authority", the internet and associated mail systems would grind to a halt. It's not worth it - we all know they exist - there's no need or point in telling anyone in "authority" that you've received a spam email.Is there any formal body I should inform of this, reading Lloyds real website they only ask you to contact them if you've actually been scammed.
Identify it - bin it - don't act on it. That's all you need to do.
Using IP addresses would break SSL certificates, that would have been bound to the hostname - they would have in 2008 as well.But I don't think it's realistic to expect people to give up on using domain names, and use only IP addresses instead.
Dunstonh's comments and points are still valid - be vigilent; spot the obvious - these emails are crying out to be noticed.You've never seen me, but I've been here all along - watching and learning...:cool:0
This discussion has been closed.
Confirm your email address to Create Threads and Reply
Categories
- All Categories
- 351.7K Banking & Borrowing
- 253.4K Reduce Debt & Boost Income
- 454K Spending & Discounts
- 244.6K Work, Benefits & Business
- 600K Mortgages, Homes & Bills
- 177.3K Life & Family
- 258.3K Travel & Transport
- 1.5M Hobbies & Leisure
- 16.2K Discuss & Feedback
- 37.6K Read-Only Boards