Scammers are targeting TSB customers with phishing emails in the hope that they will hand over their bank details. The messages claim to be from the bank and inform customers that their accounts have been suspended due to “recent technical and security issues”. They then ask the account holders to verify their accounts by clicking on a link that’s provided. Instead of leading to the genuine TSB website, the link takes customers to one run by the fraudsters. IT security experts commented below.
Eyal Benishti, CEO & Founder at IRONSCALES:
“It would be a huge understatement to say TSB have gotten themselves in a bit of a pickle - we know that, and by the looks of it, the bad guys have realised there is money to be made by exploiting the unfortunate situation. Phishers know when to pounce, and with the continuing technical issues at TSB, they are hoping to slip some scams under the radar and take advantage of customers already unsure of what is going on. All it takes is one click for an unsuspecting victim to be conned out of their hard-earned cash, and with everything going on, they might not even realise it straight away.
Spoofing and impersonation scams like these are becoming even more difficult for even the most trained eye to spot; the phish is relevant to the recipient, and at first glance, nothing appears to be wrong. Always remember, a bank will never, under any circumstance, contact you in this way to ask for your personal details. Never hand over any official information, and if you are even slightly suspicious, contact either the ‘Sender’ and, if at work, your IT Security Team. Scams like this are often spotted relatively quickly, so keeping an eye on social media, news sites and even doing a quick Google search could prevent you, and your organisation, from becoming the latest victim.”
Daniel Cohen, Director at RSA Fraud and Risk Intelligence Unit:
“Unfortunately, it is quite common for fraudsters to take advantage of disruption. In order to protect against these opportunists, people should avoid clicking on links in unsolicited emails and SMS messages – a real bank will never ask you to give up login details, PIN numbers or financial information, so if you see a message telling you to, then it’s likely to be fake. Instead of clicking links, search for the website using an engine. If you do follow a link, be sure to check the URL of a site you’re visiting is correct before entering any details and that it has a secure https symbol to prove it is secure. Obviously, if there is a security warning, then do not proceed with entering any details. Often spoofed sites will have a few letters in the wrong place, or it won’t match up with the official site, giving clues that it is a fake – the devil really is in the detail. Lastly, if you have any doubts, check official company websites for a phone number, and call to get validation before sharing any personal information. It’s up to all customers to be vigilant, but they aren’t alone, with UK initiatives such as ActionFraud available to offer advice, and verify if the communication is legitimate or not.”
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.