128/95). Lloyds TSB - HTML.Phishing.Bank-532

This email targets customers of Lloyds TSB.

Message Details

Malware Name:	HTML.Phishing.Bank-532
Origin:	United States
Date first seen:	21/06/2007 07:00:28
From:	Lloyds TSB Bank plc <Customerservice@lloydstsb.co.uk>
Subject:	Security Alert: Update Your Account Ownership 2007

Attacker's URLs

The following table shows the details of the URLs used by the attacker. These could either be the fake website of the attack, or a site which redirects to the attackers fake site. Sometimes the attacker will use an additional site for hosting resources such as images.

The table shows the current status of the site: if it is still reachable (), or if it has been shut down (). If the site has not been confirmed as a phishing site it is shown with the symbol . The time when the site was first observed is shown, together with the time that the site was shut down, if applicable. Do not visit the attackers site as it may contain malware. You can get more details on the site by clicking on the symbol.

Status	First observed	Shut Down	Internet Address	URL
	21/06/2007 07:10:14	21/06/2007 07:10:14	85.14.38.2	http://www.remedy-guild.com/images/bosses/up

Message Text

The text below shows the message content, rendered in a safe way. It does not show images or HTML formatting, but the text is the same as that contained in the phishing email. Each clickable link is shown as a reference. You can see the way the URL is presented in the main body of the text, while the actual URL activated by the link is shown below the main body.

   [IBL_banne r.gif ]
     _________________________________________________________________

   personal & business account
   Security Alert

   Please note that Your Lloyds TSB Online Account is about to expire. In order
   for it to remain active, please Use the link below to proceed and access
   your account.

   [1]https://online.lloydstsb.co.uk/customer/Login.ibc< /a>

References

   1. http://www.remedy-guild.com/images/bosses/update.html