Alleged changes to interest rates used to lure users

Apr 21, 2015 17:41 GMT

Emails claiming to be from Tesco Bank are currently reaching users in an attempt to trick them into accessing fraudulent pages.

Any communication from a bank matters to its customers, and cybercriminals know this all too well, which lets them prey on the recipient’s interest.

Initial stage asks for basic login info

The messages purporting to be from the bank come with the subject line “Tesco Bank Changes to Interest rate,” and include an attachment in the form of a webpage that loads the phishing website.

According to Hoax Slayer, which caught a sample of the malicious email, the crooks have made an effort to ensure that they get the victim’s bank account credentials.

As such, the initial fraudulent page, which resembles the original login location from Tesco, asks only for the username, security number and the password for the online banking account.

Two-factor authentication bypass attempt

Tesco adopted a protection measure known as two-factor authentication (2FA) that consists of sending an additional security code to the client’s phone, which is required to complete the authentication process.

Since the details are entered on a bogus page that is not controlled by Tesco, no code is delivered. However, the crooks have added a link to the fraudulent site, meant for victims who do not receive the secondary code. “Clicking this link opens another fake Tesco page that asks you to provide account details and name and contact information as well as your security questions and answers,” says Hoax Slayer.

Once all the data is collected by the cybercriminals, the victim is redirected to the original Tesco Bank login website. Unless the victim realizes the scam and informs the financial institution, their online account can be hijacked using the information provided.

One way to spot a fake email, although this is not foolproof, is the absence of the customer name in the greeting line. Banks have this information and use it when communicating with the customers; scammers, on the other hand, have to resort to other tricks to distract the recipient from this.
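The two indicators described above, the attached web page and the greeting without the customer's name, can be checked mechanically on a mail gateway or during triage. The following is an added example, not code from Hoax Slayer or the bank; the function name `triage`, the `.example` domains and the sample message are constructed, and it assumes the attached page reaches the phishing site through URLs in its form or link attributes, which the article does not specify.

```python
import re
from email import message_from_string, policy
from urllib.parse import urlparse

# Constructed sample message (not the real lure): a generic greeting plus an
# attached web page whose form posts to a host outside the bank's domain.
SAMPLE = """\
From: "Tesco Bank" <alerts@bank.example>
To: jane.doe@mail.example
Subject: Tesco Bank Changes to Interest rate
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain; charset="utf-8"

Dear Customer,
Please open the attached form to review the changes.
--b1
Content-Type: text/html; charset="utf-8"
Content-Disposition: attachment; filename="rates.html"

<html><body><form action="http://login.phish.example/post.php">
<input name="username"><input type="password" name="pw"></form></body></html>
--b1--
"""
# Assumption: URLs of interest sit in action/href/src/url attributes.
URL_ATTR = re.compile(r'(?:action|href|src|url)\s*=\s*["\']?(https?://[^"\'\s>]+)', re.I)

def triage(raw, customer_name, bank_domain):
    """Return the list of indicators found in one raw RFC 5322 message."""
    msg = message_from_string(raw, policy=policy.default)
    findings = []
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content() if body else ""
    greeting = next((l for l in text.splitlines() if l.strip()), "")
    if customer_name.lower() not in greeting.lower():
        findings.append("generic-greeting")      # weak signal on its own
    for part in msg.iter_attachments():
        if part.get_content_type() != "text/html":
            continue
        html = part.get_content()
        findings.append("html-attachment:" + (part.get_filename() or "?"))
        for url in URL_ATTR.findall(html):
            host = (urlparse(url).hostname or "").lower()
            if host != bank_domain and not host.endswith("." + bank_domain):
                findings.append("off-domain-url:" + host)
        if re.search(r'type\s*=\s*["\']?password', html, re.I):
            findings.append("password-field")
    return findings
```

As the article notes for the greeting check, no single indicator is conclusive; the combination of an attached HTML page, a password field and an off-domain URL is what makes the message worth quarantining.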