Beware! There’s Yet Another Phishing Scam Doing the Rounds
Phishing scams, including the SMiShing (SMS phishing) scam in this particular case, are becoming increasingly common and seemingly more and more sophisticated in the plausible and realistic forms they take. They are designed to exploit our innate social habits around curiosity, wanting to help others, and being efficient. Their intention is to trick you into handing over your valuable or sensitive information, or to sabotage your systems or steal money, by mimicking someone or something that you trust, such as your bank, a government agency, a work colleague or a business or brand name that you often use.
One such instance arose earlier today with our MD, who received the following SMS:
As you can see, the message was supposedly from a well-known high street bank, and its subject matter was an attempt to let him know about a security concern with the account.
If you’ve never dealt with this bank before then you probably wouldn’t act on the message. However, if you do deal with them, or have in the past, then in an effort to avoid any possible security issues, you may feel the urge to click on the link.
Our MD recognised several red flags and the suspicious nature of the message, so he reported the matter immediately to our security team. These red flags included:
- The link provided was unsecure, using http rather than the secure https. Sites served over http do not encrypt the information you send, whereas https transmits it securely. Although a growing number of phishing websites are now hosted on https domains, a plain http link is still a good indicator when judging the legitimacy of a site, and a good reason to handle it with care and suspicion;
- The address is not a www.halifax.co.uk/xxxx address like you would expect. While in this case the address is obviously very different from what you’d expect, quite often a similar address will be used in an attempt to fool the victim, for example “hallifax.co.uk”. When in doubt, go directly to the source via your usual, safe route, rather than clicking a potentially dangerous link.
He did, however, navigate to the page securely to check it out and was directed to this spoof website.
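The two red flags above can be checked mechanically. The following is an added example, not part of the original article: the trusted-domain list, the sample links and the edit-distance threshold of 2 are assumptions chosen for illustration.

```python
from urllib.parse import urlsplit

# Assumption: the one domain the reader expects their bank to use (from the article).
TRUSTED_DOMAINS = {"halifax.co.uk"}

# Constructed sample links, not taken from the real message.
SAMPLES = [
    "https://www.halifax.co.uk/xxxx",
    "http://www.halifax.co.uk/xxxx",
    "https://hallifax.co.uk/xxxx",
    "http://secure-login.example/verify",
]


def edit_distance(a, b):
    """Levenshtein distance, used to spot near-miss spellings of a trusted domain."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def red_flags(url):
    """Return which of the two red flags above apply to a link."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    flags = []
    if parts.scheme != "https":
        flags.append("not-https")
    # The host must be a trusted domain itself or a subdomain of it.
    if not any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS):
        flags.append("unexpected-domain")
        labels = host.split(".")
        for d in sorted(TRUSTED_DOMAINS):
            # Compare only as many trailing labels as the trusted domain has.
            tail = ".".join(labels[-(d.count(".") + 1):])
            if edit_distance(tail, d) <= 2:
                flags.append("lookalike-of-" + d)
    return flags


if __name__ == "__main__":
    for link in SAMPLES:
        print(link, "->", red_flags(link) or "no red flags")
```

An empty result only means neither flag fired; since phishing sites are increasingly served over https, it does not prove a link is genuine.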
There are some giveaways to this being a ‘dodgy’, suspicious site (which we’ll come to in a moment) but all in all it’s a pretty convincing spoof site, wouldn’t you agree?
The layout, images and formatting are all meant to mimic those seen on the genuine site. There’s even a “You’re signing into a secure site” message in the top right! We can see that this is not true: the site URL is not the Halifax address you’d expect, and it does not show the padlock symbol to the left of the address.
This phishing site, like many others, is designed to steal your online banking username and password, which can obviously have a devastating impact on the victim. In some cases, after you enter your credentials the site then redirects you to the real site so that you are none the wiser about being a victim of the scam.
Sadly, this kind of incident and attack is becoming more and more frequent. It is something that most people have experienced, and it will continue to happen.
To protect ourselves we should always err on the side of caution. Staying informed of the latest methods and scams by sharing our experiences is another way we can try to stay one step ahead of the cyber criminals circulating these scams. You can report a misleading website, email or phone number to Action Fraud. The emails received by Action Fraud will be forwarded to the National Fraud Intelligence Bureau for collation and analysis.
Stay safe, be vigilant and always think before you click.
‘Constantly working to help make the UK a safer and better place for SMEs to do business’