End User scams security

Great phishing season

All you anglers out there will appreciate this little phishing effort from “Lloyds Bank”. I picked it up from our spam filter – pleasing to see that it works. I do wonder what percentage of recipients of this kind of email actually fall for it.

This one isn’t a bad attempt though as is the nature of these things they have speled departament wrong & the use of grammar isn’t quite how I like it. Should have worked harder for their English GCSE. They might have got a proper job instead of having to resort to crime. The italics are mine.

The inset photo is of me with a phishing rod on the pier at Whitby, Summer 2008 (fwiw – it’s the nearest I could find that had anything to do with the subject).

Dear Customer,

This is an important Lloyds TSB Bank Security Message. We reviewed your account and we suspect that it may have been compromised. Assuring the security of your account and of Lloyds TSB Bank’s Network is our primary concern. Therefore, as a preventive measure, we have temporarily limited your account. Please take the following steps in order to restore your account access and ensure that your account has not been compromised:

1. Please Download the Login Form attached to your e-mail.

2. Login to your Lloyds TSB Bank account and fill in all required information.

3. We will review your activity to confirm that you are the account holder and we will remove any restrictions placed on your online banking account.

If you choose to ignore our request you leave us no choice but to suspend your online account indefinitely.

IMPORTANT NOTICE: You are strictly advised to match your information rightly to avoid service suspension.

Kind regards,
Lloyds TSB Bank Online Security Departament.

Please send us any scam/phishing emails you have received. Please do not reply to this e-mail. Mail sent to this address cannot be answered. For assistance, log in to your Lloyds TSB Online Bank account and choose the “Help” link on any page.

Copyright Lloyds TSB Bank Plc. 2012 – All rights reserved. Email ID # 705

End User internet online safety scams security

Internet scam awareness

I’m very proud of my wife. She got one of those phishing calls yesterday saying that a problem had been reported with a virus on her PC.

She is one of least technically savvy people going but told the caller (who was, from his accent, not from ’round here) where to go without batting an eyelid.

She said we have Radio 4 to thank as she had heard an item regarding such scams on the Today programme sometime recently. Good old Radio4, good old Mrs Davies.

End User online safety scams security

Phishing by”Microsoft” engineers

I’m getting reports of increased levels of phishing attempts on broadband customers. People get a call from someone purporting to either work for Microsoft or on their behalf. The flavour of the calls go something like this:

  • “We are working on a password security breach”
  • “We are working with Microsoft and your ISP to increase your broadband speeds
  • “We have identified a problem with one of your servers and can fix it for £250”

By and large they want you to click on a link and then of course “you’ve been had”. Unfortunately as in many aspects of life on the internet the only real way to avoid being had is by being internet savvy. There is no quick fix.

End User scams security

New phishing attempt doing the rounds under guise of HMRC

It amuses me more than anything to see phishing attempts hit my inbox though it does worry me that I will one day have this uncontrollable urge to click on the link provided.

Today’s, looking as if it had come in from Her Majesty’s Customs and Revenue, was mildly believable.  It is after all coming up to that time of year where we have to think about tax returns.

The message read:
Taxpayer ID: trefd-00000159883557UK
Issue: Unreported/Underreported Income (Fraud Application)

Please review your tax statement on HM Revenue and Customs (HMRC) website (click on the link below):

We caught this spam but it did attempt to get delivered to many Timico employees. For the safety of the reader I haven’t reproduced the link but I’d be mildly interested in a straw poll to see how many people got the email. And how many actually responded to it!

That’s not my taxpayer ID by the way 🙂

End User internet scams security

Email scams

I went in to BBC Radio Lincolnshire this morning, as is my occasional wont, this time to talk about email scams. I am not particularly a security expert but I guess being in the ISP game I would get more exposure to this than your average Radio Lincolnshire listener.

It was all about phishing emails from people after your bank account details, and especially spoof emails notionally from people you know. As a bit of background research I googled “how to hack MSN” and I was astounded to find 952,000 websites on the subject.

Similarly there was plenty on Twitter and no doubt there will be stuff out there on Facebook and others. I didn’t follow more than a couple of links and the first article had already been removed. It does certainly highlight the vulnerabilities of the web.

I get phishing email daily, mostly caught in my spam quarantine folder, and all of which get ignored/deleted. I do get some very genuine looking spam though appearing to come from reputable contacts.  In one example a business partner of Timico’s had its contact databased copied a number of years ago.  I still get spam appearing to come from this partner.  There is nothing they can do about it. The data is gone.

I have never personally met someone who has been caught out by one of these phishing attempts. Not that is until last night when a friend rang me up and during the conversation mentioned that it had only just happened to him. He was busy and stupidly responded to an email and typed in his bank account details!

Luckily for him the bank spotted an unusual transaction and refunded the cash after calling him to check. It just goes to show how easily it can happen – to the unwary.

End User scams security


As I’m sure most of you know Phishing is a scam whereby unfriendly persons try to coax confidential account details out of individuals so that they can attempt to steal things. We are talking bank account information, network logons etc.

Well this morning Timico was subjected to a phishing attack and many users were sent an email purporting to be from the company asking for username and password logons for their network and email accounts. It was a very poor attempt using the typical poor grammar of the criminal mind. The notional email address of the perpetrator was also left in full view.

I am not aware of anyone from Timico daft enough to respond to this but I thought it worth a blog post to show others the type of attack to be wary of. Internet users beware.

I do seem to get a wealth of material to blog about at Timico.