Halifax warning over ‘convincing’ email designed to steal your bank details

Britons are being warned of a “convincing” scam email with fraudsters posing as Halifax to steal customer’s bank details.

The messages appear to come from ‘Halifax’ but the true sender addresses are hijacked Tiscali and TalkTalk accounts.

Consumer site Which? received numerous reports about these unsolicited emails and have shared advice to help people spot fraudulent emails and avoid getting caught out.

Lisa Webb, a consumer law expert at Which?, said: “It is really concerning that members of the public have been receiving convincing phishing emails from fraudsters posing as Halifax.

“Which? is seeing a worrying rise in convincing copycat websites that are designed to harvest people’s online banking login details.

READ MORE: Santander warning as customers lose £300,000 to criminals

“It is vital that banks, domain registrars and platforms hosting fraudulent content on websites act fast and work together to get malicious websites removed quickly to limit the spread of these scams.”

According to Which?, the scammers used convincing Halifax branding in their email and claimed to be asking customers to “refresh their contact details” as an extra security measure. To do this, recipients were asked to click a link.

Anyone who clicks on one of these links is redirected to a fraudulent Halifax website with a very similar domain name to the bank’s genuine one. Once these details are captured, the fake site then invites the victim to reset their password and memorable information or call the bank. The bank number displayed is a genuine number, in an effort to add more credibility to the scam.

Which? reported this particular scam to Halifax as soon as they became aware of it, and has said it “understands that the [fake] website is in the process of being removed.”

Don’t miss…
Tom Hanks warns fans to ‘beware’ of fake video – ‘I have nothing to do with it'[INSIGHT]
Martin Lewis issues urgent alert with key phone number to dodge banking scams[EXPLAINED]
Women have £20,000 less in pension savings than men[ANALYSIS]

Ms Webb said: “To avoid falling for a phishing scam, don’t click on links in unsolicited emails and texts and look out for suspicious email addresses or phone numbers. If you’re unsure of the authenticity of an email, contact the company in question using details on its official website.”

She added: “If you or a loved one do fall victim to a scam then contact your bank immediately and report it to Action Fraud, or the police if you live in Scotland.”

Jon Good, director at bank account validation service Hopewiser, warned that phishing is the “most common” cybercrime, with an estimated 3.4 billion spam emails sent daily. Additionally, the use of stolen credentials is the most common cause of data breaches, with £177.6million lost to scams impersonating banks.

According to UK Finance, only 51 percent of people always check whether a request for money or personal information is legitimate.

We use your sign-up to provide content in ways you’ve consented to and to improve our understanding of you. This may include adverts from us and 3rd parties based on our understanding. You can unsubscribe at any time. More info

Mr Good said: “In today’s digital age, staying vigilant against scams is more crucial than ever, with 48 percent of emails sent in 2022 being spam. However, there are several ways you can safeguard yourself against fraudulent emails and texts.

“If you receive a text or email supposedly from your bank, claiming an unauthorised transaction and to click on a link, it is important to remember that reputable organisations will never ask you to click on links via email or text to provide sensitive information.

“Your bank will also never ask you to disclose sensitive information like passwords or PINs through texts or emails.”

He added: “Scammers can copy names, logos and writing styles of emails from official organisations but they cannot make an exact copy of their email address. You can fact-check an email sent to you by searching for the contact details of your actual bank on their website.”

Source: Read Full Article

Pin Up Aviator