Friday, October 14, 2005

An Unusually Slick Phishing Attempt

This one's victim-bank is Halifax Bank in the UK. The subject line reads "URGENT ATTENTION - Halifax-Online Fraud Notice" and the body begins by advising of recent phishing attempts against Halifax customers (which, according to Halifax's own site, is even true) and then asks the customer to contact Halifax on receipt of such e-mails!! (The customer service phone number quoted is even the real one.)

The e-mail continues by advising that Halifax has updated their security system. They are proud of their new SSL servers "where there is no risk of fraud and your account details are kept encrypted at all times." Naturally, because of this update, you are....guess what?..... asked to log on to the system and "verify your account info at the following link"

Such link being of the usual format -- an IP address (211.35.64.201) hidden behind a reasonable-looking URL -- which points to a real page on Halifax's servers.

The e-mail is unusually slick, as well as being cheeky. It's almost devoid of spelling mistakes ("unauthorized" should be "unauthorised" since it purports to come from a British company) and likewise of grammar mistakes ("securer" instead of "more secure" and one missing "to"). It could easily have come from a real person at the bank.

The image at the top of the e-mail actually comes from the real Halifax servers; as mentioned, the phone number quoted will actually get you to Halifax customer service, and if the URL is typed in by hand to a browser it will get you to Halifax's own servers.

This phishing attempt is almost perfect, a great use of social engineering and professionally put together.

0 comments:

 
Copyright 2018 e2e Security. Powered by Blogger Blogger Templates create by Deluxe Templates. WP by Masterplan