Emails purporting to come from Virgin Money – the UK bank and financial services company owned by the Virgin Group – are attempting to trick recipients into clicking on a link that takes them to a phishing website.
According to Hoax Slayer, the emails entitled “Important E-mail Notification,” read something like this:
“Re-Confirm Your SiteKey
Your SiteKey is a security measure that lets you know that you are at our authentic Online Banking site. Once created, your SiteKey will be displayed after you enter your user name when you log on to Online Banking. Do not enter your password without first seeing your SiteKey.
Your SiteKey includes both an image and an image title. You may select the current image displayed or choose a new image from the available selection.
Due to recent upgrade of our database. All bank account holder are requested to re-confirm his/her sitekey to enable our security database recognise your system and can be easily remembered.
Please click on the help centre link below to get started
The Virgin Money Team”
The emails are well designed. In fact, all the logos and the layout are taken from the official Virgin Money Magazine. Furthermore, most of the links point to the legitimate website.
However, the link on which users are urged to click takes victims to a phishing website where they’re asked to enter their usernames and password.
Once this information is provided, a second page requests additional sensitive information.
Users are advised to avoid such emails.
Those who already took the bait and provided their credentials are recommended to immediately change their passwords and contact their financial institutions.
The cybercriminals will likely use the information to commit all sorts of crimes. That’s why it’s important for those who fell victim to take immediate steps to protect their identities and their financial assets.