lloydsTSB enter full memorable info now?

ashcarrot

Does anyone else see a new box under the lloydstsb login ie drop downs for the memorable info as well as a box to enter it into. Having a box there seems extremely suspicious (i didn;t follow a link) as the drop downs are a way to stop giving all the info out. so wanted to check if anyone else see's it.

baby_boomer

I don't know what site you are on, but it isn't Lloyds.

https://online.lloydstsb.co.uk

My account login doesn't do what you describe.

Baldur

ashcarrot wrote: »

Does anyone else see a new box under the lloydstsb login ie drop downs for the memorable info as well as a box to enter it into. Having a box there seems extremely suspicious (i didn;t follow a link) as the drop downs are a way to stop giving all the info out. so wanted to check if anyone else see's it.

No such box when I just logged in.

ashcarrot

Just an update I didn't follow any links i put in the site specifically. Once i got that screen i became suspicious and put in crap for the details.

Phoned them up and they said it was prob a virus, even though i have antivirus installed and a quick scan found nothing (doing a full scan now). I will be doing a full scan now. They've suspended my online access temporarily.

So just a warning for you guys... I'll keep you updated to the cause if i find it.

isofa

Sounds like a dodgy phishing site you are viewing, and a problem with your computer linking to an unsafe website, rather than any problem at LTSB. A bank will never ask you to input your entire memorable word in one go, but a phishing site would, so they can them immediately gain access to your accounts from the real site, having all the letters from your memorable word to use.

I suggest you clear out all your cache and cookies with CCleaner, and run a full virus scan, then full malware and spyware scans using a variety of excellent free tools (Spybot, AdAware, Malwarebytes AntiMalware etc) - further details on the tech forum. (Virus scanners will not protect you against much of the spyware and malware out there, and not one anti-spyware scanner will catch them all, hence use a variety of scanners.

I also suggest you use Firefox which is more secure than IE, and if you add the NoScript add-on and only allow scripts from sites your trust 100% it's virtually bomb-proof.

The secure LTSB logon is here: https://online.lloydstsb.co.uk/customer.ibc?WT.svl=ibcplogon&WT.ac=hpIBlogon
(From the main site here: http://www.lloydstsb.com)

It asks for the standard username and password, then on the next page the 3 random letters from your memorable word. No other boxes are shown.

If you are seeing anything else, report it to LTSB immediately.

If fact they recently added announcements (when you login) to say they will not be contacting anyone by e-mail in the next 4 weeks, to hopefully help flush out some of the phishing emails, quote below from their site:

Genuine e-mail contact from Lloyds TSB

For the next 4 weeks you will not receive any unexpected emails from Lloyds TSB. If we contact you by email, it will only be in response to an instruction you have asked us to carry out for you.

If you receive any other type of email in this period it will not be genuine. Please forward it to us for investigation at [EMAIL="emailscams@lloydstsb.co.uk"]emailscams@lloydstsb.co.uk[/EMAIL] and then delete it from your inbox without responding.

johnmoney05

rl4engm

Just found this on Google, I think this could be pretty serious, I've had the same thing;

Cut a long story short I got this serious malware thing, computer ground to a halt, adverts popping up in IE, no pictures in IE, no regedit, no folder options etc, forced shutdowns. Anyway I thought I'd got rid of it with Avast!, AntiMalware, and Super Anti-Spyware, they all reported finding some stuff and cleaned it all up.

Thing is though it kept re-appearing, processes/files called winlognn.exe and csrcss.exe etc, and random ones like f935f97n2.exe, hacking the Winlogon part of the registry with something like "winlogon.exe, twex.exe".

Anyway I too became suspicious when I went to my Lloyds login screen and it had 3 text boxes for "Username", "Password" and "Memorable Information". Even though, at the exact same time, my other PC (not infected and running Firefox, with the exact same URL, correctly showed just the "Username" and "Password" fields. (i.e. you put the memorable information in in drop-down boxes on the next screen.)

Now to me, and I've worked with computers for as long as I remember, this is very serious indeed. The normal advice for not getting hacked is "Don't send your password by email", "Always check the URL and the padlock". etc. But with this, the URL was correct, the padlock was there, even the "Show Source" didn't look suspicious. What I was looking at looked completely bona-fide, except I knew I shouldn't be entering my memorable information as a free text field. So IE must've been hacked but to all intents and purposes I couldn't trust the information it was telling me!

I've notified the Lloyds TSB Support and they said (and I quote:)

Thanks for your email.
If you are being asked for your memorable information in full then you have a virus on your PC. Please ensure that any anti-virus software on your PC is fully up-to-date and run a scan. We also advise that you run a scan from an independent source. Please visit:
[URL="wlmailhtml:!!58F83F1B-F6F5-429C-8500-2380BF4256BE}mid://00000056/!x-usc:http://www.kaspersky.com/virusscanner"]http://www.kaspersky.com/virusscanner[/URL]

[..etc.. ]

I've emailed them back asking if anyone else has reported this, and also suggested putting a warning on the front page because of the reasons outlined above.

Any comments on this, or has anyone else encountered it?

Rob

soulsaver

rl4engm wrote: »

Just found this on Google, I think this could be pretty serious, I've had the same thing;

Cut a long story short I got this serious malware thing, computer ground to a halt, adverts popping up in IE, no pictures in IE, no regedit, no folder options etc, forced shutdowns.

Anyway I too became suspicious when I went to my Lloyds login screen and it had 3 text boxes for "Username", "Password" and "Memorable Information". Even though, at the exact same time, my other PC (not infected and running Firefox, with the exact same URL, correctly showed just the "Username" and "Password" fields. (i.e. you put the memorable information in in drop-down boxes on the next screen.)

Now to me, and I've worked with computers for as long as I remember, this is very serious indeed. The normal advice for not getting hacked is "Don't send your password by email", "Always check the URL and the padlock". etc. But with this, the URL was correct, the padlock was there, even the "Show Source" didn't look suspicious. What I was looking at looked completely bona-fide, except I knew I shouldn't be entering my memorable information as a free text field. So IE must've been hacked but to all intents and purposes I couldn't trust the information it was telling me!

I've notified the Lloyds TSB Support and they said (and I quote:)



I've emailed them back asking if anyone else has reported this, and also suggested putting a warning on the front page because of the reasons outlined above.

Any comments on this, or has anyone else encountered it?

Rob

Yep - I've not had all that stuff, sounds like you got a plague -but I had the op's virus -its not a phishing email, this IS a virus and indeed beat my AVG. I had it not with Lloyds but with First Direct; when you attempt to login to your online bank it launches a look alike login page exactly like FD's (in my case) but following the normal 1st, 3rd, 6th etc digit from password, had an additional free text box asking for the password in full, as OP said. I believe if you fill it in it will eventually return your data info to the scammers, hence the bank shut down access to your account.
FD recommended an downloadable virus scan which didn't find the beggar.
I downloaded Bullguard (free trial) and a scan with that detected it, although it took manual intervention to clean it. It took a few hours but I've got a load stuff on my PC.
When you manage to clean it, (FD) wanted me to assure them I had 2 completely clean scans, the name of the virus detected, and a confrimation that you got to the login screen several times without the 'password in full' box appearing. Then, when confident you're clean & sorted, they reset the memorable data to summat new.
The virus is the 'best' attempt I've ever seen to catch you out, the login page itself appears to be hijacked so looks totally realistic other than the extra box, the security lock is shown etc...and yep agree they should post warnings on their site.
BTW once you are satisfied you're clean & everything is performing ok(and as above it is worth running a range of scans -malware found additional virus on mine) it's worth setting up a named clean restore point & deleting all previous restore points to ensure any backups including the virus have been deleted.

Loco

rl4engm wrote: »

adverts popping up in IE, no pictures in IE, no regedit, no folder options etc, forced shutdowns.

isofa wrote: »

I also suggest you use Firefox which is more secure than IE, and if you add the NoScript add-on and only allow scripts from sites your trust 100% it's virtually bomb-proof.

This.

Don`t know why people use Internet Explorer. Must be the worst browser around and most virus ridden at that.

Get Firefox

welshmoneylover

Loco wrote: »

This.

Don`t know why people use Internet Explorer. Must be the worst browser around and most virus ridden at that.

Get Firefox

What's firefox?

I've heard it be mentioned before on various sites but I don't know much about it.

whu

welshmoneylover wrote: »

What's firefox?

I've heard it be mentioned before on various sites but I don't know much about it.

It's a browser tool - some people log into it instead of internet explorer