796/1). Halifax (HBOS) - HTML.Phishing.Bank-490
This email targets customers of Halifax (HBOS).
Message Details
| Malware Name: | HTML.Phishing.Bank-490 |
| Origin: |  Italy |
| Date first seen: | 25/07/2006 13:00:37 |
| From: | Halifax PLC <secure@halifax.co.uk> |
| Subject: | Important Notice |
Attacker's URLs
The following table shows the details of the URLs used by the attacker. These could either be the fake website of the attack, or a site which redirects to the attackers fake site. Sometimes the attacker will use an additional site for hosting resources such as images.
The table shows the current status of the site: if it is still reachable (
), or if it has been shut down (
). If the site has not been confirmed as a phishing site it is shown with the symbol 
. The time when the site was first observed is shown, together with the time that the site was shut down, if applicable. Do not visit the attackers site as it may contain malware. You can get more details on the site by clicking on the 
symbol.
| Status | First observed | Shut Down | Internet Address | URL | |
|---|---|---|---|---|---|
|
http://bizub.info/e/httpswww.halifax-online.co.uk_mem_binFormsLogin.aspsource=halifaxcouk/ |
Message Text
The text below shows the message content, rendered in a safe way. It does not show images or HTML formatting, but the text is the same as that contained in the phishing email. Each clickable link is shown as a reference. You can see the way the URL is presented in the main body of the text, while the actual URL activated by the link is shown below the main body.
Online Logo
Important :
April 15,2006
Attn: Customer,
Halifax Bank PLC. always look forward for the high security of our clients.
Some customers have been receiving an email claiming to be from Halifax
advising them to follow a link to what appear to be a Halifax web site,
where they are prompted to enter their personal Online Banking details.
Halifax is in no way involved with this email and the web site does not
belong to us.
Halifax is proud to announce about their new updated secure system. We
updated our new SSL servers to give our customers a better, fast and secure
online banking service.
Due to the recent update of the servers, you are requested to please update
your account info at the following link.
[1]https://www.halifax-online.co.uk/_mem_bin/formslogin.asp
*Important*
We have asked few additional information which is going to be the part of
secure login process. These additional information will be asked during your
future login security so, please provide all these info completely and
correctly otherwise due to security reasons we may have to close your
account temporarily.
J. P. Donells
Security Advisor
Halifax Bank PLC.
References
1. http://bizub.info/e/httpswww.halifax-online.co.uk_mem_binFormsLogin.aspsource=halifaxcouk/
Embedded Images
The following images were embedded in the email. Sometimes, the message text is just there to confuse anti-spam filters, while the reader is presented with a clickable image which shows the "real" message.
