Please verify your Lloyds TSB account - Spoof Email Phishing Scam
1st March 2004

" Dear Lloyds TSB valued customer! Please read this important message about security. We are working very hard to protect our customers against fraud. Your account has been randomly chosen for verification. "...

read also our brief guide to Phishing

This spoof Lloyds TSB email (see image below) is in HTML format (although it is crafted to look like text only format) and contains a link which is disguised to look like a genuine link to a Lloyds TSB web page.

The link is further coded to exploit the URL spoofing vulnerability that exists in unpatched versions of Internet Explorer. This bug allows the URL (in the browser address bar) to be spoofed - for instance, online.lloydstsb.co.uk would be shown while a bogus Lloyds TSB Bank page, at a completely different URL, would be displayed in the browser window. Please ensure that you run Windows Update to patch your version of Internet Explorer.

If you are not sure if your browser is vulnerable to this exploit, we have set up a Browser Test. You can also check links in emails or web pages for cloaking using our Link Checker, and you can check for URL spoofing whilst at a web page using our URL Checker (which will also reveal the true origin of the web page that you are viewing).

If you have received this email, please remember that it is very common for these email scams to be redistributed at a later date with only slightly different content or the same but with the fake page(s) hosted by a different provider. Also, once you have received one of these hoaxes, it is also common place to receive at least another one and usually a day or two after the first, although not necessarily from the same apparent sender.

The bogus web content that the link points to had been removed by the time we received this first report, but we fully expect a new location to be found for the bogus Lloyds TSB page and will update this report as and when this happens.

The Spoof Lloyds TSB Email ...