Government site from Andorra was involved in the scheme

Aug 10, 2012 20:51 GMT

We are seeing a lot of versions of a Lloyds TSB Bank phishing scam these days and the folks from millersmiles.co.uk have identified yet another one. This one is also designed to collect usernames and passwords from users, but it utilizes a slightly different technique.

Unlike earlier versions in which the cybercriminals placed their phishing pages on compromised domains, this time they compromised a website from Bosnia and Herzegovina and altered it to redirect visitors to another site owned by the government of Andorra.

Fortunately, the webmasters of the government website may have noticed that their systems have been hijacked, since the webpage put up by the hackers has been removed and the affected subdomain has been shut down. This may indicate that they’re currently working on addressing the security holes that have allowed the hackers to gain access.

In the meantime, take a look at what the malicious emails look like:

DEAR LLOYDS TSB BANK HOLDERS,

Your account has been exhibited from our database due to too many login attempts error, as a bank you are required to fill in your account details correctly to regain access back into your online account.

CLICK HERE TO PROCEED

You have 24 hours to get access back into your Lloyds TSB account

Note: failure to do so will lead to services suspension

LLOYDS TSB

Remember, once you enter your username and password on the fake site, you are basically giving the crooks access to your accounts.

Be sure to avoid phony pages and in case you’ve already fallen for the scam, immediately change your password and alert the financial institutions.