REPORT SUMMARY
Date Reported: 11th January 2004
Apparent Sender: Lloyds TSB
Subject: Confirm your Lloyds Bank account information
Senders Address (spoofed): service@lloydstsb.co.uk
Content: text with a cloaked link to a forged Lloyds TSB web page (see images)
Spoofed Web page/site?: Yes
Web page/site content: forged Lloyds TSB online page with web form requiring user name & password, etc
Web page/site origin: TRUE URL http://www.newmonc.com:80/l/applypassword.php OR SPOOFED URL http://online.lloydstsb.co.uk
Identity Theft method: Web form information is captured by the scammers using PHP script while you are diverted to the genuine lloydstsb.com home page
Confirm your Lloyds Bank account information - Email Scam
11th January 2004
This malicious email scam utilises a bug in Internet
Explorer to steal users' accounts ...
This spoof takes the form of
a text email with a link (see image below), but the link is cloaked (disguised
to look like a genuine Lloyds TSB Online link) and will lead to a forged
web page.
This link also exploits a known bug in Internet Explorer
browsers which allows the URL (site address shown in the browser address
bar) to be spoofed. This means that if you use that link, Internet Explorer
browsers will open the forged page that it points to, but with the URL
shown as http://online.lloydstsb.co.uk (see
image below). However, the true URL is www.newmonc.com:80/l/applypassword.php which
traces back to an Affinity Hosting customer (Florida, USA).
This bug has been increasingly exploited by email
scammers of late, and we eagerly await a patch from Microsoft. The vulnerability
can also allow a fake URL to be shown in the status bar of Microsoft
Outlook and browser products (while holding the cursor over the cloaked
link). We have set up a Browser Test cloaked link which you can use to see
if your browser is vulnerable. You can also check links in emails or web
pages for cloaking using our Link Checker, and you can check for URL
spoofing while at a web page using our URL Checker.
We are receiving multiple reports from BlueYonder email account users,
so it appears that the scammers are bulk mailing to these accounts
at the moment. Our reports are also predominantly coming from users
who do not have a Lloyds TSB account. We hope that other users who
do have an account with Lloyds TSB will be aware that this
is a scam, because there is nothing on the surface to tell you that
it is. Please pass this information around so that awareness of these
malicious scams builds and fewer innocent internet users fall prey
to them.
If you have received this email, please remember that it
is very common for these email scams to be redistributed at a
later date with only slightly different content, or with the same content but the fake
page(s) hosted by a different provider. Also, once you have received one of
these hoaxes, it is commonplace to receive at least one more,
usually a day or two after the first, although not necessarily from
the same apparent sender. Take
a good look at the following images, because this email scam may be coming
to an inbox near you!
The Email ...