Halifax Phishing Scams
Date: 19 September 2007
Received from "Halifax Internet Banking" <email@example.com>
Subject: Halifax UK Official Information
Bcc: <Several variants of the recipient's e-mail address>
Dear Halifax UK user!
Our Maintenance Division is performing an arranged Electronic Banking Service update
By clicking on the link below please begin the procedure of the user details update:
These directives are to be e-mailed and followed by all users of the Halifax Group
Halifax Banking Service does apologize for the problems caused to you, and is very appreciative for your cooperation.
If you are not client of Halifax Plc please ignore this email!
***** This is an automated message, please do not respond *****
© 2007 Halifax Online Service. All Rights Reserved.
Another phishing scam, created by a bunch of amateur scammers. The layout and formatting of this e-mail are similar to phishing scams like the Royal Bank Of Scotland phishing e-mails.
First of all, they sent this e-mail to a whole bunch of people through the Bcc field, but during the spoofing process they messed up the e-mail header so badly that the Bcc field, which was supposed to be a "Blind Carbon Copy", became visible to the recipient of the e-mail. Just ask yourself the question: if a bank ever had to send you an important e-mail, why would they Bcc several other recipients on a "highly confidential" e-mail?
Secondly, they messed up the anchor text of the phishing link. The top-level domain of the link in the example above is session00746, without a domain suffix. We're afraid that "session00746" is not the top-level domain of Halifax, so just by looking at the link you can already tell that the e-mail is a fraud.
Finally, they end the e-mail with the line "If you are not client of Halifax Plc please ignore this email!". Why would Halifax send e-mails like this to people who are not their clients? The answer is simple: no professional institution will include ridiculous statements like these in its e-mails, let alone send e-mails to people who are not even its clients.
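The header and link checks described above, written as a small Python script. This is an added example, not part of the original page: the message is a constructed sample, the /update path and the example.org addresses are made up, and using halifax.co.uk as the expected domain is an assumption taken from the sender address quoted further down this page.

```python
import re
from email import message_from_string
from email.utils import getaddresses
from urllib.parse import urlparse

# Constructed sample modelled on the e-mail above. The link host comes from the
# commentary; the /update path and the example.org addresses are made up.
SAMPLE = """\
From: "Halifax Internet Banking" <email@example.com>
Subject: Halifax UK Official Information
Bcc: <user@example.org>, <user1@example.org>, <u.ser@example.org>
Content-Type: text/plain

Dear Halifax UK user!
By clicking on the link below please begin the procedure of the user details update:
http://session00746/update
If you are not client of Halifax Plc please ignore this email!
"""

URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)

def body_text(msg):
    """Join every text/* part so links in HTML alternatives are seen too."""
    chunks = []
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            data = part.get_payload(decode=True) or b""
            chunks.append(data.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(chunks)

def phishing_indicators(raw, expected_domain="halifax.co.uk"):
    """Return (code, detail) pairs. expected_domain is an assumption of this example."""
    msg = message_from_string(raw)
    findings = []
    # Mail software normally strips Bcc before delivery; a received message
    # that still lists Bcc addresses points to hand-built headers.
    bcc = getaddresses(msg.get_all("Bcc", []))
    if bcc:
        findings.append(("visible-bcc", f"{len(bcc)} address(es) exposed"))
    for url in URL_RE.findall(body_text(msg)):
        host = (urlparse(url).hostname or "").lower().rstrip(".")
        if "." not in host:  # single label, e.g. "session00746"
            findings.append(("no-domain-suffix", host))
        elif host != expected_domain and not host.endswith("." + expected_domain):
            findings.append(("foreign-domain", host))
    return findings

if __name__ == "__main__":
    for code, detail in phishing_indicators(SAMPLE):
        print(f"{code}: {detail}")
```

The suffix comparison is anchored on a leading dot, so a look-alike host that merely starts with the bank's name is still reported as a foreign domain.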
Date: 15 August 2007
Received from "Halifax Security Department" <onlineservice@Halifax.co.uk>
Subject: Account Update Notification
IMPORTANT SECURITY ALERT
Please note that our system recently noted that your attemption of signing on to your
account was failed while some errors occured during the processing update of your online
account you are having with our bank so we temproarily locked your online account for
We hereby notify you that you should kindly follow below link to update and unlock your
online account for your security safety ensured by our financial insititution.
CLICK HERE TO UNLOCK AND UPDATE YOUR ACCOUNT
Thank you for your prompt attention to this matter. Please understand that this is a
security measure meant to help protect you and your account.
We apologize for any inconvenience.
If you choose to ignore our request, your account may leads to be temporarily suspended
Investment Fund Managers Limited, Halifax Life Limited and Halifax Share Dealing Limited are
authorised and regulated by the Financial Services AuthorityThey are entered in the Financial Services
Authority's Register and their Register Numbers are 106048, 119223, 171881 and 183332. This is an
English language site, all contracts will be in the English language only. For optimal viewing of this site
you will need Macromedia Flash version 5 or above. Copyright © 2007, Halifax plc. All rights reserved
It is almost impossible to think that anyone can fall for a sloppy e-mail like this. The first paragraph has 3 misspelled words and it ends with two full stops. In the second paragraph they misspelled the word "institution". In the text at the bottom of the e-mail, they forgot to put a full stop and a space between "Authority" and "They". Everybody makes mistakes, but no professional institution is as sloppy as this.