Fraudsters aim to seize control of Lloyds TSB clients' online accounts in this detailed phishing scam, which exploits a browser vulnerability and presents genuine content alongside bogus content...
This spoof Lloyds TSB Bank email (see image below) is in HTML format, although it looks like a text-only email in order to add a sense of authenticity to the link text. The link in the email has been further coded to exploit the URL spoofing bug that exists in unpatched Internet Explorer browsers (to test your browser, use the vulnerability check link on the right).
Using that link will open a bogus Lloyds TSB web form in your browser. If you use Internet Explorer and have not updated it, you will see a genuine URL in the address bar (http://online.lloydstsb.co.uk) but the window will contain the bogus content. We recommend that you run Windows Update daily, and before surfing the internet, to ensure that your Microsoft software is up to date.
More worryingly, the bogus page is scripted to open the genuine Lloyds TSB help page in a pop-up style window alongside the bogus content, to give the viewer a false sense of security. For this reason, and because of the attempt to exploit unpatched IE browsers, we have given this phishing scam a HIGH risk level. The true URL of the bogus form is http://210.14.228.66/www/.l/applypassword.php, which resolves to Beijing Online Communication Technology Limited, Guangzhou Branch, China - nothing to do with Lloyds TSB Bank at all.
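The two warning signs above (a raw IP address where the bank's domain should be, and an address bar that shows one host while the page comes from another) can be checked mechanically before a link is followed. The check below is an added example, not code from the original page; it assumes the address-bar spoof takes the shape of a decoy hostname placed before an `@`, with the real host after it, and the sample links are constructed for the demonstration.

```python
from urllib.parse import urlsplit, unquote
import ipaddress

# The domain a genuine Lloyds TSB link is expected to sit under.
EXPECTED_DOMAIN = "lloydstsb.co.uk"


def analyse_link(url, expected_domain=EXPECTED_DOMAIN):
    """Return the real host of a link and the reasons not to trust it."""
    parts = urlsplit(url)
    findings = []
    # Anything before the last '@' in the authority is user-info, not the
    # host; a bank login link has no reason to carry it. This is the shape
    # assumed for the address-bar spoof (decoy text before '@', real host after).
    if parts.username is not None or "@" in parts.netloc:
        findings.append("userinfo-before-host")
    host = (parts.hostname or "").lower()
    # Decode %xx escapes so a control character hidden in the decoy is visible.
    if any(ord(c) < 0x20 for c in unquote(parts.netloc)):
        findings.append("control-char-in-authority")
    # A bare IP address instead of the bank's domain, as in the scam above.
    try:
        ipaddress.ip_address(host)
        findings.append("raw-ip-host")
    except ValueError:
        pass
    if host != expected_domain and not host.endswith("." + expected_domain):
        findings.append("host-not-" + expected_domain)
    return {"host": host, "findings": findings, "trusted": not findings}


if __name__ == "__main__":
    # Constructed samples: a spoof-shaped link, the scam's true URL, the genuine site.
    for link in (
        "http://online.lloydstsb.co.uk%01@210.14.228.66/www/.l/applypassword.php",
        "http://210.14.228.66/www/.l/applypassword.php",
        "http://online.lloydstsb.co.uk/",
    ):
        print(link, "->", analyse_link(link))
```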
Any information submitted into the form would be sent to the perpetrators by a PHP script, and that information would enable them to take control of your online account.
Our ongoing advice is simple: whenever you wish to access any online account, always do so by first opening a browser and then manually typing the appropriate URL directly into the browser's address bar.
If you have received this email, please remember that it is very common for these email scams to be redistributed at a later date with only slightly different content, or with the same content but with the fake page(s) hosted by a different provider. Also, once you have received one of these hoaxes, it is commonplace to receive at least one more, usually a day or two after the first, although not necessarily from the same apparent sender.
The spoof email... [image]
The bogus web page... [image]