Apr 19, 2011 09:57 GMT

A new phishing campaign is targeting customers of Lloyds TSB with fake emails carrying rogue attachments that claim to come from the bank's security team.

The emails try to lure victims with a subject line that reads "You have an incoming payment," suggesting that money is waiting for them.

The body text lacks detail and says only: "This massage [sic.] was sent by LloydsTSB Security team Proceed Security Via Attachment."

Judging by the poor spelling, the scam's creators kept the message short because they did not have a good command of English.

This phishing attack follows the recent trend of using HTML attachments instead of linking to external websites directly.

Opening the attached Lloydstsb-onlinebanking.html file will display a page that bears the Lloyds TSB branding elements and contains a more detailed message. It reads:

"Dear Valued Customer, You have an incoming payment. We are unable to process this payment to your account as your details cannot be verified. To view this transaction and your current balance, click on the link below."

This message is well spelled and the page is well designed, suggesting the attackers either used a pre-made kit to generate everything or modified a campaign created by someone else.

The advertised link takes users to a phishing site that spoofs the Lloyds TSB Internet banking login page. If they enter their login ID and password, they are redirected to another form asking for their date of birth, debit card number, ATM PIN and memorable information.

After all data is submitted, users are directed to the real Lloyds TSB Internet banking site, which ironically displays a warning reading "We'll never direct you to the LOGIN page from an email."
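A mail-gateway check for the pattern described above, as an added example that is not part of the original article: it flags HTML attachments whose links or form targets leave the bank's own domains. The trusted-domain list, the `phish.example` host and the sample message are assumptions constructed for illustration.

```python
import email
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: domains the gateway treats as the bank's own.
TRUSTED = ("lloydstsb.com", "lloydstsb.co.uk")
# Constructed sample modelled on the campaign; the link host is a placeholder.
SAMPLE_EML = """\
From: "LloydsTSB Security" <security@mail.example>
Subject: You have an incoming payment
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Proceed Security Via Attachment.
--b1
Content-Type: text/html
Content-Disposition: attachment; filename="Lloydstsb-onlinebanking.html"

<html><body><a href="http://login.phish.example/verify">View transaction</a></body></html>
--b1--
"""

class LinkCollector(HTMLParser):  # gathers <a href> and <form action> targets
    def __init__(self):
        super().__init__()
        self.targets = []
    def handle_starttag(self, tag, attrs):
        wanted = {"a": "href", "form": "action"}.get(tag)
        self.targets += [v for k, v in attrs if k == wanted and v]

def is_trusted(host):
    # Exact match or true subdomain only, so look-alike hosts do not pass.
    return any(host == d or host.endswith("." + d) for d in TRUSTED)

def scan_message(raw):
    """Return (filename, url) for each off-domain link in an HTML attachment."""
    findings = []
    for part in email.message_from_string(raw, policy=policy.default).iter_attachments():
        name = part.get_filename() or ""
        if part.get_content_type() == "text/html" or name.lower().endswith((".htm", ".html")):
            parser = LinkCollector()
            parser.feed((part.get_payload(decode=True) or b"").decode("utf-8", "replace"))
            for url in parser.targets:
                host = (urlparse(url).hostname or "").lower()
                if host and not is_trusted(host):
                    findings.append((name, url))
    return findings
```

Matching on the filename extension as well as the content type catches HTML files sent with a generic MIME type.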

"Remember, if you ever have any doubt about something you've received via email that claims to come from any institution that may be requesting personal information, or making claims of any sort, go directly to the site in question and do some investigation," advises Fred Touchette, security researcher at AppRiver.