OMG Bank of Scotland Fake Website!! Money stolen. Has anyone heard of this?

RichardJohn_2

UNDERGROUND wrote: »

I have to say that the fake sites are very convincing.

The very best way to tell if a banking site is genuine is to check for the padlock symbol in your web browser, also the prefix 'https' before the website address.

I also did a bit of research on the websites registrant - it's someone grotty little scammer in Namibia.

I also agree that some of the comments in this thread are unhelpful and rude, this seems to be happening more and more on these forums which is a real shame.

I hope that family member sorts out their problem and get them to check for the padlock sign whenever signing in to financial sites.

Regards
UNDERGROUND

This is bad advice. You should check the address of the site in the address is the correct one - any site that's shelled out 20 quid for an SSL certificate will display the padlock.

System

Mikeyorks wrote: »

One of your relatives has just accessed it directly .... then input all the details it needed. Can't explain how it could show the full Bank account details ..... that sounds a bit far fetched. Are you sure they hadn't logged into the correct one by then.

Just went on there and put a load of random text in the sign in fields (it does ask for rather alot of information!) and once they've sucked it all in you get re-directed to the genuine BOS site, hence they (OPs relative) must have signed in again but on the genuine site thus displaying their account details.

Regards
UNDERGROUND

RichardJohn_2

Mikeyorks wrote: »

So where do you think the links in the phishing Emails direct you to? Something that says 'Imafakesite.com'? I think not. They direct you to a site that looks like / smells like / sounds like .... the site they intend you to think you're visiting.

One of your relatives has just accessed it directly .... then input all the details it needed. Can't explain how it could show the full Bank account details ..... that sounds a bit far fetched. Are you sure they hadn't logged into the correct one by then.

It's possible that the site then logged into the real site, scraped the data and displayed it, so that the victim doesn't get suspicious and phone their bank.

System

RichardJohn wrote: »

This is bad advice. You should check the address of the site in the address is the correct one - any site that's shelled out 20 quid for an SSL certificate will display the padlock.

To be fair how many scam sites have you seen displaying a padlock symbol and with a https address prefix? I'm not trying to say this is foolproof just that it's a decent indication.

UNDERGROUND

Mikeyorks

UNDERGROUND wrote: »

Just went on there and put a load of random text in the sign in fields (it does ask for rather alot of information!) and once they've sucked it all in you get re-directed to the genuine BOS site, hence they (OPs relative) must have signed in again but on the genuine site thus displaying their account details.

Regards
UNDERGROUND

Thanks - must confess I'd have been a bit hesitant to do that. The 10 a day NatWest phishing mails I'm getting at the moment are all a bit mundane and pidgeon English. Refreshing, I suppose, that some of them are showing more initiative!! But I didn't think it extended to suddenly producing a close mirror image of your genuine account ... as you logged into the fake one .. despite all the data they request on login.

Mikeyorks

RichardJohn wrote: »

It's possible that the site then logged into the real site, scraped the data and displayed it, so that the victim doesn't get suspicious and phone their bank.

Now there's a clever thought .... can you do a Ctrl / V (or whatever) remotely? They'll be putting the money back in next ... to avoid suspicion!

Problem is a bit like a Hydra - chop a few off - and even more grow.

moni72

Mikeyorks wrote: »

So where do you think the links in the phishing Emails direct you to? Something that says 'Imafakesite.com'? I think not. They direct you to a site that looks like / smells like / sounds like .... the site they intend you to think you're visiting.

One of your relatives has just accessed it directly .... then input all the details it needed. Can't explain how it could show the full Bank account details ..... that sounds a bit far fetched. Are you sure they hadn't logged into the correct one by then.

Sorry but it seems you and RichardJohn are giving advice on something you don't know much about, hence the reason I am here asking for advice!

Firstly, having spoken to the BOS just now this is not referred to as PHISHING. PHISHING is more associated with emails, not fake websites. This has been some sort of trojan virus (which is too complicated to explain but is apparently explained in the security centres of banks' websites.)

It's not far fetched that it showed her her own bank account at all. It's a very clever program and the BOS Online Rep was not surprised by this.

They have confirmed that this is an imposter site and will escalate it immediately for investigation. So it seems they didn't know about this.

Thanks very much to those who responded helpfully and sympathetically which is what Martin designed the site for.

I feel sorry for the people who feel the need try and humiliate people for not being as street wise as they seem to THINK they are. Hope you are always more clever the con-artists!

RichardJohn_2

Well it's possible to open the real site in a frame and use javascript to fill the form fields, and it's also possible to use something like CURL to log in on the server side.

System

Mikeyorks wrote: »

Thanks - must confess I'd have been a bit hesitant to do that. The 10 a day NatWest phishing mails I'm getting at the moment are all a bit mundane and pidgeon English. Refreshing, I suppose, that some of them are showing more initiative!! But I didn't think it extended to suddenly producing a close mirror image of your genuine account ... as you logged into the fake one .. despite all the data they request on login.

I get those bloody NatWest e-mails every day too!! Record is 19 in one day! They look very amatuerish and I'm amazed that anyone would ever fall for them. Plus the fact that the websites are almost immediately taken down.

Some of these mirror sites are very convincing though, escpecially for the less aware / wary.

UNDERGROUND

Mikeyorks

moni72 wrote: »

Sorry but it seems you and RichardJohn are giving advice on something you don't know much about, hence the reason I am here asking for advice!

Oh dear .... you really haven't taken the time to understand anything in the bit you've quoted, have you. Too easy to simply berate anything that doesn't conform to your view of help.

So here's a helpful link :-

http://www.bankofscotlandhalifax.co.uk/securityandprivacy/whatyouneedtoknow.asp

- and it's the genuine one. It isn't a Trojan to blame - which is designed to gather the sort of info your relative gave freely, when they logged directly into the false site. And the link to phishing, that you've wholly misunderstood, is that a phishing Email will have a link to direct you to the false site.
But - owing to a typing error (as per your OP) your relative went directly to the false site. Trust that's clearer? The earlier posts were designed to be helpful, but admittedly tainted a bit by your aggression from the off.

It is the same as a phishing Email. It's just that your relative inadvertently cut out the need of the Email.

Goodnight.