Lloyds TSB Attacked by Phishing Scam

Look what landed in my inbox this morning:

Lloyds TSB - header image from spoof email

We’ve all heard of the online banking fraud that goes on, but I hadn’t seen such a blatant example still live on the web until today. As part of the Rising Tide server switch, I’ve had to temporarily alias a couple of mailing list subscribe / unsubscribe addresses to my own email account, and I got a spam email to one of them this morning. To me it was immediately apparent that it was a fake, but it’s easy to see how a large number of non-technical internet users are drawn in by these extremely realistic-looking scams.

Check out these screen shots:

The real Lloyds TSB online banking site.
The fraudulent site.

My first reaction was to check out the domain name the fraudsters were using — lloydstsb-bank.biz — turns out it’s registered through the New Orleans Leftover Data Center, a rather dubious company who I’ve come across before – they bought up theyellowhouse.info, the domain name for a site about eco-housing one of my colleagues made (now located at www.theyellowhouse.org.uk) when he accidentally missed a renewal payment. Even though the site was part of a non-profit doing some really great work, they refused to even consider selling it back.

They didn’t answer their phone, so I emailed them to tell them they really should pull that domain name off the web, and I then called Lloyds TSB online… turns out they already knew about the fraud, and are trying to get it shut down, but at the time of writing this the fake site is still live. I won’t link to it though, that would be stupid.

I doubt Lloyds will make public how many accounts are compromised, but I know there will be some. It is sad the lengths some people will go to driven by greed. (Put it this way, I doubt the perpetrators were planning to donate the money to OCAP.)

Update: It gets better. I had a look in more detail at the site, and – can you believe it? – they’re pulling all the images and the CSS straight off the real Lloyds TSB site! Not only are the scammers trying to rip off customer details, but Lloyds TSB are paying for most of the bandwidth! Incredible. I called them up again to let them know that they could simply and easily make the fraudulent site look, well… not so much like Lloyds TSB online anymore. They could simply change the names of the images they use on the real site, and maybe replace the old image with a different image of the same name that would then be served as part of the fake site… “This site is a fake – don’t enter any of your online banking information” ought to do it. Or even more simple – just swap out the CSS file and replace it with:

body { display: none; }

Personally I’d probably go for a more creative edit ;-)

Of course their tech department closed at 5pm UK time and the poor people on the Internet Banking helpdesk don’t have access to do that kind of thing. I’ll check the fake site again tomorrow morning – hopefully it will look a little different!
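A way for the site owner to spot this kind of hotlinking from their own web server logs, as an added example that is not part of the original post: it counts requests for images and CSS whose Referer is a foreign host. The hostnames, paths and log lines are constructed placeholders, and the Combined Log Format is an assumption about the server.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Assumption: the legitimate site's own hostnames (placeholders).
OWN_HOSTS = {"www.bank.example", "online.bank.example"}
ASSET_RE = re.compile(r"\.(?:css|gif|jpe?g|png|js)$", re.I)
# Combined Log Format: ip - user [time] "METHOD path PROTO" status bytes "referer" ...
LINE_RE = re.compile(
    r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|HEAD) (\S+) [^"]*" \d{3} \S+ "([^"]*)"'
)

# Constructed sample log lines, for illustration only.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Feb/2024:09:01:11 +0000] "GET /css/main.css HTTP/1.1" 200 5120 "https://online.bank.example/logon" "Mozilla/5.0"
198.51.100.7 - - [10/Feb/2024:09:02:40 +0000] "GET /css/main.css HTTP/1.1" 200 5120 "http://bank-secure-login.example.net/index.htm" "Mozilla/5.0"
198.51.100.7 - - [10/Feb/2024:09:02:41 +0000] "GET /img/logo.gif HTTP/1.1" 200 2048 "http://bank-secure-login.example.net/index.htm" "Mozilla/5.0"
192.0.2.44 - - [10/Feb/2024:09:03:02 +0000] "GET /img/logo.gif HTTP/1.1" 200 2048 "http://bank-secure-login.example.net/index.htm" "Mozilla/5.0"
192.0.2.9 - - [10/Feb/2024:09:04:15 +0000] "GET /img/logo.gif HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
192.0.2.9 - - [10/Feb/2024:09:04:16 +0000] "GET /logon HTTP/1.1" 200 900 "http://search.example.org/?q=bank" "Mozilla/5.0"
"""

def foreign_asset_referers(log_text, own_hosts=OWN_HOSTS):
    """Map each foreign referring host to its hit count, client IPs and the
    static assets it pulled from us. Ordinary inbound links to pages are ignored."""
    report = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        client, target, referer = m.groups()
        path = urlsplit(target).path
        if not ASSET_RE.search(path):
            continue                      # only images/CSS/JS matter here
        host = (urlsplit(referer).hostname or "").lower()
        if not host or host in own_hosts:
            continue                      # "-" or our own pages: nothing to flag
        entry = report.setdefault(host, {"hits": 0, "clients": set(), "assets": Counter()})
        entry["hits"] += 1
        entry["clients"].add(client)      # these visitors loaded the foreign page
        entry["assets"][path] += 1
    return report
```

The `assets` counter shows which files a clone depends on, which are the ones to rename or swap for a warning as the post suggests; the `clients` set is a starting list of visitors who loaded the foreign page.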

13 Responses to “Lloyds TSB Attacked by Phishing Scam”

  1.

    I opened my online banking this morning and to my horror found that somebody had accessed my Lloyds TSB current and savings account and emptied them both. I have never replied to any Lloyds emails, fake or otherwise, but still this has happened to me. I contacted Lloyds, who are dealing with the issue but will not start until I have a crime reference number from the police. I go to the police; they CAN’T issue a crime reference number until they know where the crime was committed!!!!! It’s great to be British, haha. Give me five minutes with whoever did this and I’ll make sure he never uses a keyboard again.

  2.

    Ouch, that’s brutal. Even if you never went to a fake site or replied to a phishing email, it’s possible you have caught a virus, trojan or worm that was monitoring your keyboard activity for things like banking passwords and sending them to who knows where. I would make sure you have up to date anti-virus and anti-malware software running, scan your whole computer, and don’t use online banking until then.

    The incredible thing with that scam back in February (which is long since shut down, although I don’t doubt there have been many many others since) was that they were hotlinking the images and CSS straight from the real LloydsTSB website… I tried to explain this to LloydsTSB fraud people but they didn’t have the technical knowledge or authorisation to take the (very simple) steps to render the fraudulent site immediately useless. It would have taken me a few minutes, been much quicker than waiting to get the site disconnected by the hosting ISP, and might have saved some people the horrible experience you’ve gone through of having your accounts emptied.

  3.

    They say there’s no fool like an old fool.
    Yes! I fell for the supposed Lloyds TSB Security Email asking me for details to upgrade my online security. And yes, they emptied both my own account and our joint account: £5,100.
    TSB have replaced the money back into our accounts, but we are left wondering what steps to take to avoid it happening again.

    I update my Norton A.V.(corporate edition) on a weekly basis, my windows firewall is set to automatic updates, and I also update my Spybot-Search and Destroy.

    I was hoping for some advice from TSB regarding cancelling my accounts and opening new ones, changing online passwords, changing credit and debit cards etc. etc. but with the exception of not being able to use my credit card, it seems to be carry on as normal.
    It is the not knowing just how much information these fraudsters now have that is causing us to worry.
    Patrick. (aged 72)

  4.

    That’s brutal Patrick… I’m glad Lloyds TSB returned all your money. Unfortunately anti-virus software doesn’t really help with phishing scams like this. The new version of the Firefox web browser (a good alternative to Microsoft Internet Explorer that I recommend to people) has a built-in fake site warning for sites that have been reported, so you could give that a try – although having been caught out once, I doubt you would be a second time.

  5.

    We can’t seem to access the real Lloyds website at all from our home computer after getting several fake (phishing) emails that we didn’t click on, but we can open the site from other locations in Beijing. No idea if our money has been taken or not, as I don’t want to use my passwords on an internet cafe website. Any ideas on how to check if there is something installed on the home computers that is doing this? I have run all of the Norton anti-virus scanning and the Microsoft anti-virus and Spybot. Still no luck. Any ideas would be helpful. Thanks

    Paul

  6.

    I got an e-mail from [email removed], using Lloyd bank, that I had won a lottery, and asking for my name and other personal information. I e-mailed them back telling them that if this was a scam and this was an ID theft, it wouldn’t do them any good, my credit is ruined.

  7.

    I don’t even have a Lloyds TSB account, I do not live in the UK, but I got this email and just out of interest I put in a made up username and password, it just flicked me to the real (or what looked real) Lloyds TSB site. Yes, this was a really dumb thing to do, I know, it was just pure devilment, I know it was a scam and wanted somebody somewhere to receive an invalid password. Now I am worried that I have let somebody into my computer just by responding to this email and am scared to access my real internet banking in case I’m being ‘watched’. I do have antivirus thingies running, am I safe?

  8.

    Have been having problems with Lloyds TSB online banking. Log on as normal, but once in, a popup appears asking for PIN, credit card number, memorable name and much more.
    Obviously have not entered these details, but it is worrying that this does not happen until I have already logged in (can see balance but then this pop up stops any further action and will not delete). I have bang up to date anti-everything (from 2 different providers) but nothing will clear it!!!!!!!!!!!

  9.

    I got the dodgy Lloyds TSB login too. The first time it just asked for my full memorable information (which I did enter :-( ). But the second time it asked me to put my ATM card no, CVV No, Expiry date, Memorable info etc. Then I thought that something seems not right. When I called the bank, I got to know that it’s a virus and they have cancelled my internet service. So far the money is there but I am so afraid.

    I plan to go home and scan the computer twice and also format it if needed, make a clean restore point and delete any older ones. Mr. Gates can go to hell for all I care and he can take his IE with him. I am a Firefox man all the way now…!!

  10.

    In my case my computer was infected with a virus that re-directs me to a fake LloydsTSB site when I link to it from my list of favourites.
    The first Lloyds page looks exactly like the genuine one and here you enter user name and password only.
    Then when you click to proceed to the second page it looks very similar to the usual Lloyds page but asks for complete memorable information rather than just a selection of characters.
    Fortunately I was suspicious and did not proceed.
    No money lost and all details now changed.
    Lloyds advised that you should not keep any links to financial websites in your browser’s list of favourites (or bookmarks).
    Instead you should type the address in each time you wish to use the service.
    By the way I was using Firefox so cannot blame Windows Internet Explorer.

  11.

    I’ve been a victim of this idiotic scam! :(

    I recently got an email from ‘Lloyds.TSB.UK.srv@lloyds-tsb-uksrv.com’
    Stating:

    “This e-mail has been sent to you by Lloyds TSB to inform you that your account will be deactivated within the next 24 hours due to several unsuccessful login attemps on your account.
    To prevent this to happen please login securely to our activation link:www.lloydstsb.co.uk/online-data-verification/cust&usr=lalalaura-x@hotmail.co.uk&cvt=@0z21

    If you have already confirmed your information then please disregard this message.

    Regards,
    Lloyds TSB member services.”

    And I stupidly enough filled it out.
    After realising it asked for my ATM PIN, internet account password/memorable information… I got suspicious and rang Lloyds TSB myself, as I knew you’re not allowed to ask for my ATM PIN etc.
    I have had my card deactivated/cancelled as well as my accounts.

    I hope someone catches these idiots!

    The URL Address which was meant to be the Lloyds TSB one, for the internet account login, was actually this on the fraud site:

    http://shop.punkmerch.de/images/lloyds-online/online.lloydstsb.co.uk/customer.ib.sdBlogon/index.htm

    So if anyone sees these URLs on a Lloyds TSB address bar, they’re fake!
    I hope I could help!
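The URL in the comment above carries the bank's hostname inside its path, and the domain in the post carries the brand inside a different registered name. The check below is an added example, not part of the original post or comments: it trusts only the parsed hostname and flags brand strings found anywhere else. The trusted hostnames are an assumption taken from the strings quoted on this page, and the brand token list is constructed.

```python
from urllib.parse import urlsplit

# Assumption: the hostnames the bank really uses, taken from the strings
# quoted on this page; adjust to the real list.
TRUSTED_HOSTS = {"online.lloydstsb.co.uk", "www.lloydstsb.co.uk"}
BRAND_TOKENS = ("lloydstsb", "lloyds-tsb")   # constructed list of brand strings

def classify_url(url):
    """Return (verdict, reasons). Only the hostname the browser would connect
    to decides trust; brand text in the host or path of any other site is a flag."""
    parts = urlsplit(url if "://" in url else "http://" + url)
    host = (parts.hostname or "").lower().rstrip(".")
    if host in TRUSTED_HOSTS:
        return "trusted", []
    reasons = []
    if any(tok in host for tok in BRAND_TOKENS):
        reasons.append("brand-in-hostname")      # lookalike domain
    if any(tok in parts.path.lower() for tok in BRAND_TOKENS):
        reasons.append("brand-in-path")          # real hostname used as a folder name
    return ("suspicious" if reasons else "unrelated"), reasons

# Inputs quoted on this page, plus two constructed controls.
SAMPLES = [
    "http://shop.punkmerch.de/images/lloyds-online/online.lloydstsb.co.uk/customer.ib.sdBlogon/index.htm",
    "lloydstsb-bank.biz",
    "lloyds-tsb-uksrv.com",
    "https://www.lloydstsb.co.uk/",          # constructed control
    "http://example.org/news",               # constructed control
]

def triage(urls=SAMPLES):
    """Classify every URL and return {url: (verdict, reasons)}."""
    return {u: classify_url(u) for u in urls}
```

Run it on the link's actual destination rather than the text shown in the e-mail, since the visible text of the quoted message names the genuine hostname.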

  12.

    Hi,
    I do this, I fill in the fake forms each time. But obviously not with my real details or name. I’m sure the people who get the information have to wade through this crap and then work out it is fake. It will take them at least a few hours. If you do it as well then we will in effect waste their time. Go on, give it a go. I did it with a sucker who tried to scalp me on eBay with a fraudulent money transfer. I told him I was in fact a documentary film maker and would he be interested in his story, and why he has to do this sort of thing. I promised that I would be compassionate etc etc. Ha, the dick fell for it. I kept drip feeding him promises, money, fame. The dick kept falling for it. I had him waiting in a money transfer office in Dublin for 4 hours waiting for the money to come through.

  13.

    I just had the same experience. When I logged in, another window just opened and asked me to give lots of information from my card, and I gave it to them; I didn’t think anything was wrong. For a long term nothing happened, just somehow I had 1.90£ on my saving account; I thought it was the bank (stupid me). At that time I was working part time, so I had 160.£ every week, maybe that’s why they didn’t touch it. After I had a full time job, which pays me every month around 1300.£, on Monday (18.06.2012) my SIM card, which was set up on my online banking, just started not working. I called Orange to ask them why; they said they don’t know, maybe because I didn’t top it up a long time ago. I didn’t worry about it anymore. But on Saturday I received a letter from Lloyds which said I’ve got -17£ overdrawn, and they sent my statement as well, which says I transferred money to my new saving account, which I didn’t open. I just ran to the bank, but suddenly I met there a knowles lady who just gave me an appointment for Monday. So I needed to wait 2 days to know what’s going on. So on Monday I was on the phone with someone who was found out with my money. Someone had opened a new saving account and transferred all my money there. They did call Orange to ask them to deliver my number to another SIM card or ask them to transfer all my incoming calls. And just sent my money to someone; when my bank was calling me they got my call, so it was easy for them. Thank you so much for you and your weak security.. The bank found out the money went to a girl who is only 17 years old; what surprised me is most of my money was still on her account. So this is my new experience. Anyway I’ve got all my money back. Ps.: is could be done on Saturday.
