Lloyds TSB - Hacking Alert!

annies1

luci wrote: »

You could try forwarding the email to [EMAIL="abuse@lloydstsb.com"]abuse@lloydstsb.com[/EMAIL]

Afraid that email comes back as undeliverable, but I have already forwarded it to the link in the above post. [EMAIL="reports@banksafeonline.org.uk"]reports@banksafeonline.org.uk[/EMAIL]

Jonbvn

annies1 wrote: »

Afraid that email comes back as undeliverable, but I have already forwarded it to the link in the above post. [EMAIL="reports@banksafeonline.org.uk"]reports@banksafeonline.org.uk[/EMAIL]

use this address [EMAIL="emailscams@lloydstsb.co.uk"]emailscams@lloydstsb.co.uk[/EMAIL]

pawlala

how did they get past your memorable information?

soulsaver

pawlala wrote: »

how did they get past your memorable information?

Absolutely correct: It's not been said here yet but if your bank's normal login process asks for selected characters from you password like First Direct (or selected characters from memorable data like Lloyds) ANY process that asks for them in full should be given a wide birth.
And it should be said that the OP didn't say anything about phishing mails - that was assumed by a subsequent response.
There is a 'virus' that hi jacks the banks login page - so it looks absolutely authentic even down to the lock symbol in the bottom right - but it asks for your full password. If you fill in your info it will be transmitted to a scammer.
The only obvious way to spot this is the unusual request to fill in you full password/memorable data - do not do that.
You will need to report it to your bank as their security people will offer help on how to remove the virus.

LongTermLurker

soulsaver wrote: »

There is a 'virus' that hi jacks the banks login page - so it looks absolutely authentic even down to the lock symbol in the bottom right - but it asks for your full password. If you fill in your info it will be transmitted to a scammer.
The only obvious way to spot this is the unusual request to fill in you full password/memorable data - do not do that.
You will need to report it to your bank as their security people will offer help on how to remove the virus.

And where is that virus - on the bank's webserver, or on the user's PC? If on the user's PC, as your past paragraph suggests you mean, then what is there to "hijack"? The website isn't on your PC. There could be a trojan on your PC that redirects you to another website that's been built to look like the bank's, but that's what people have been saying on this thread all the way back to 2008. A trojan isn't a virus, and vice versa.

You talk about duplicating the lock in the browser. That padlock is rendered by your browser, not the website. The padlock appears when the brrowser detects that the site you're visiting is secure, and is based on data in the site's digital certificate being valid. To be valid, the certificate would have had to be signed by a trusted certificate authority and be related to that website; thus the bogus website would have to either be from a different domain (so the address is wrong) or someone would have had to physically get hold of the certificate stored on the bank's web server - no mean feat.

Going back to your virus/trojan idea, it's possible that the trojan could have replaced Internet Explorer and thus show a padlock for no reason.

In summary, while it is possible to contract a trojan, most vulnerabilities are still derived from mistakenly clicking email links. Even from the trojan point of view, the trojan itself has likely been contracted through browsing dodgy websites and downloading "fun" free games and software - exactly the same way people used to be enticed into viewing "funny" embedded nasties in emails.

So whether email or trojan, the answer is still the same - be vigilent; don't click links you aren't 100% certain about, don't download software just because it looks fun and it's free. If you're smart and internet savvy (read "sceptical and distrusting") you will be well placed for avoiding such exploits.

soulsaver

LongTermLurker wrote: »

And where is that virus - on the bank's webserver, or on the user's PC? If on the user's PC, as your past paragraph suggests you mean, then what is there to "hijack"? The website isn't on your PC. There could be a trojan on your PC that redirects you to another website that's been built to look like the bank's, but that's what people have been saying on this thread all the way back to 2008. A trojan isn't a virus, and vice versa.

You talk about duplicating the lock in the browser. That padlock is rendered by your browser, not the website. The padlock appears when the brrowser detects that the site you're visiting is secure, and is based on data in the site's digital certificate being valid. To be valid, the certificate would have had to be signed by a trusted certificate authority and be related to that website; thus the bogus website would have to either be from a different domain (so the address is wrong) or someone would have had to physically get hold of the certificate stored on the bank's web server - no mean feat.

Going back to your virus/trojan idea, it's possible that the trojan could have replaced Internet Explorer and thus show a padlock for no reason.

In summary, while it is possible to contract a trojan, most vulnerabilities are still derived from mistakenly clicking email links. Even from the trojan point of view, the trojan itself has likely been contracted through browsing dodgy websites and downloading "fun" free games and software - exactly the same way people used to be enticed into viewing "funny" embedded nasties in emails.

So whether email or trojan, the answer is still the same - be vigilent; don't click links you aren't 100% certain about, don't download software just because it looks fun and it's free. If you're smart and internet savvy (read "sceptical and distrusting") you will be well placed for avoiding such exploits.

Well informative .. but I'm not sure of the point you are making other than the semantics of a trojan is not a virus.
My point was a warning to the uninitiated that may just read the thread that there are other ways of being scammed into releasing your password other than by than phishing emails. The clear statement not to release full data where your bank usually only asks for selected characters I believe to be perfectly valid. Don't you?

LongTermLurker

soulsaver wrote: »

Well informative .. but I'm not sure of the point you are making other than the semantics of a trojan is not a virus.
My point was a warning to the uninitiated that may just read the thread that there are other ways of being scammed into releasing your password other than by than phishing emails. The clear statement not to release full data where your bank usually only asks for selected characters I believe to be perfectly valid. Don't you?

Yes I do. Sorry if my post sounded technically critical, it wasn't meant to be. The point I was making is that I think you've got the wrong end of the stick, and that's important.

You talked about a virus/trojan/whatever doing the rounds and that a piece of software was asking for full details, which would then be sent across the world to some bad guys. I don't think that's the case.

What you're sort of alluding to is people accessing a fake website, which looks like the real one but asks for full details. The owner of that fake website then has the data - the risk is out on the web, not some software sat on a user's PC, so it's neither a virus or a trojan.

To get you to go to that fake website, there are various things a criminal can do, but most are technically complex - the easiest and most effective way is to send someone an email with a fake link in it. Not the only way, but the most likely.

I specifically spoke about your virus/trojan idea, and my point there was that to get that trojan, you've probably downloaded some "fun" software - so the advice is sort of the same: beware of links, whether in emails or on websites, and think twice before you click.

The basics of what you said are good though - as you say, one thing to be aware of is when you're asked for full details. The unfortunate thing is that many banks etc still use complete passwords/maiden names/place of birth, etc.