Cybercriminals have set up a replica of the legitimate website

Dec 18, 2013 10:44 GMT

Customers of MINT, the Royal Bank of Scotland (RBS) service, are advised to be on the lookout for fake emails sent out by cybercriminals in an effort to trick them into handing over their personal and financial details.

The emails carry the subject line “MINT VERIFICATION PROCESS” and they read something like this:

“Dear Valued Customer, We detected irregular activity on your MINT Credit Card. For your protection, You are required to verify your account as the primary owner before you can continue using your card. We will review the activity on your account and remove any restrictions placed on your account. Please kindly follow the reference link below.”

In a sample submitted to millersmiles.co.uk, the links point to a hijacked website from Spain that’s set up to redirect victims to another website from Greece.

On the .gr website, the cybercriminals have set up a MINT phishing webpage that instructs users to enter their username. Once that’s done, internauts are asked to provide additional financial and personal information that can be used by the crooks for fraudulent transactions and identity theft.

It’s worth noting that just as this article was being written, the administrators of the Greek site started removing the phishing pages. However, it’s uncertain if they’ve patched the vulnerabilities leveraged by the cybercriminals to hack it in the first place.

In case you come across such emails, or websites such as the one shown in the screenshot, make sure you act with caution. The genuine card servicing website from MINT is hosted on https://cardservicing.mint.co.uk. Note that it uses a secure connection, unlike the fake sites, which don’t.
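The check described above can be automated in a mail filter. The following is an added example, not part of the original article: it flags a message that mentions MINT but links anywhere other than the genuine host over HTTPS, including lookalike hosts that merely contain the genuine name. The function names, the sample message and the `.example` placeholder domains are assumptions made for illustration.

```python
from urllib.parse import urlsplit
import re

# Values taken from the article.
GENUINE_HOST = "cardservicing.mint.co.uk"
LURE_SUBJECT = "MINT VERIFICATION PROCESS"

# Constructed sample message; the link host is a reserved placeholder domain.
SAMPLE_BODY = (
    "Dear Valued Customer, We detected irregular activity on your MINT "
    "Credit Card. Please kindly follow the reference link below. "
    "http://hijacked-site.example/mint/verify"
)
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)


def link_verdict(url):
    """Return 'genuine' only for an HTTPS URL whose host is exactly GENUINE_HOST."""
    try:
        parts = urlsplit(url)
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return "suspicious: malformed URL"
    host = (parts.hostname or "").rstrip(".")
    if parts.username is not None:
        # https://genuine-host@other-host/ really goes to other-host
        return "suspicious: userinfo before host"
    if host != GENUINE_HOST:
        # exact match, so genuine-host.other-domain does not pass
        return "suspicious: host is " + host
    if parts.scheme != "https":
        return "suspicious: not HTTPS"
    if port not in (None, 443):
        return "suspicious: unexpected port"
    return "genuine"


def triage(subject, body):
    """Flag a message that mentions MINT but links anywhere except the genuine site."""
    claims_mint = "mint" in (subject + " " + body).lower()
    bad = {}
    for url in URL_RE.findall(body):
        verdict = link_verdict(url)
        if verdict != "genuine":
            bad[url] = verdict
    return {"flag": claims_mint and bool(bad), "bad_links": bad}


if __name__ == "__main__":
    print(triage(LURE_SUBJECT, SAMPLE_BODY))
```

The host comparison is an exact match rather than a substring or suffix test, which is what stops a name such as `cardservicing.mint.co.uk.landing.example` from passing.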

If you’re a victim of this scam, change your passwords and make sure you keep a close eye on your account.