#17365 by David Jansen
Tue Nov 24, 2009 10:35 am
This scam has the purpose of phishing confidential account information from Halifax bank customers. Although everything seems to be genuine, it's certanly not. Even the email address of the sender looks legit but it's not that difficult to change the "from"address when sending emails. If you do get such emails you could check out the real bank website. There you will find a link to a page with a warning for these kind of phishing scams. On the Halifax website on the right there's a link which says "phishing scams". Click on it and you'll find a scam warning. Best is to google the name of the bank and click the link found on google, DO NOT click links in the scam emails.
Sender's ip is hidden.
Sender's ip is hidden.
Online banking billing error information message from Halifax
From:
"Halifax" <[email protected]> [Add]
To:
Date:
Tue, 24 Nov 2009 6:32 AM (8 hours 47 mins ago)
Return-Path: <[email protected]>
Received: from compute2.internal (compute2.internal [10.202.2.42])
by store66m.internal (Cyrus v2.3.15-fmsvn20771-f904b41c) with LMTPA;
Tue, 24 Nov 2009 00:32:48 -0500
X-Sieve: CMU Sieve 2.3
X-Spam-charsets:
X-Resolved-to:
X-Delivered-to:
X-Mail-from: [email protected]
Received: from mx6.messagingengine.com ([10.202.2.205])
by compute2.internal (LMTPProxy); Tue, 24 Nov 2009 00:32:48 -0500
Received: from a60.wangyv.com (unknown [205.209.142.60])
(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
(No client certificate requested)
by mx6.messagingengine.com (Postfix) with ESMTPS id E1F5713F
for <>; Tue, 24 Nov 2009 00:32:47 -0500 (EST)
Received: from nobody by a60.wangyv.com with local (Exim 4.69)
(envelope-from <[email protected]>)
id 1NCo0x-0003uU-Kt
for ; Mon, 23 Nov 2009 21:32:35 -0800
To:
Subject: Online banking billing error information message from Halifax
From: Halifax <[email protected]>
Reply-To:
MIME-Version: 1.0
Content-Type: text/html
Content-Transfer-Encoding: 8bit
Message-Id: <[email protected]>
Date: Mon, 23 Nov 2009 21:32:35 -0800
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - a60.wangyv.com
X-AntiAbuse: Original Domain - fastmail.fm
X-AntiAbuse: Originator/Caller UID/GID - [99 99] / [47 12]
X-AntiAbuse: Sender Address Domain - a60.wangyv.com
X-Truedomain-DKIM: None
X-Truedomain: Neutral
The external images in this message have been disabled to prevent web bugs.
Click here to show the images.
Online Logo
Dear Halifax Customer
During our regularly scheduled account maintenance and verification procedures, we have detected a slight error in your billing information.
This might be due to either of the following reasons: security Department
-A recent updates in our billing server ( Due to slight problem )
-A recent change in your personal information ( i.e. change of Question ).
-An inability to accurately verify your selected option of payment due to an internal error within our processors.
Please update and verify your information by clicking the link below:
FastMail.FM WARNING: URL text and host don't match, possible phishing attempt. URL disabled. Original URL='http://www.nexmobile.co.kr/gnuboard4/data/file/sneocreamdlcnt/formslogin.html'. Original text=' https://www.halifax-online.co.uk/update ... /Login.asp? source=halifaxcouk'. For more information on phishing click here.
If your account information is not updated within 48 hours then your ability to access your account will become restricted.
Thank you
Halifax Bank Plc
Being a victim doesn't mean you stand alone. We're here to help you.
