Posted on: 2nd August 2017
‘New Mortgage offer’ from TSB: Phishing Update
It has been brought to our attention that spam email is currently circulating small and medium sized businesses and other home users claiming to be from ‘TSBintermediaries@TSB.co.uk’ and ‘email@example.com’.
An example of the email details can be found below
|——– Original message ——–
From: “TSBintermediaries@TSB.co.uk” <firstname.lastname@example.org>
Date: 02/08/2017 08:33 (GMT+00:00)
To: sales <email@example.com>
Subject: New Mortgage offer
We are pleased to confirm we have made a mortgage offer.
The Offer Document is now available for you to view or print.
The property for the above mortgage application has been valued at £1,333,005.
The mortgage offer has been sent to your client(s) and the conveyancer.
We will contact you again when we receive confirmation of your client’s completion date from the conveyancer.
***Please do not reply to this email – it has been automatically generated and we are unable to deal with any responses received****
TSB Bank plc. Registered office: Henry Duncan House, 120 George Street, Edinburgh EH2 4LH. Registered in Scotland, No.SC095237. Authorised by the Prudential Regulation Authority and regulated by the Financial Conduct Authority and the Prudential Regulation Authority under registration number 191240. TSB Bank plc is covered by the Financial Services Compensation Scheme and the Financial Ombudsman Service.
TSB Bank plc. Registered Office: Henry Duncan House, 120 George Street, Edinburgh EH2 4LH. Registered in Scotland, number SC95237. Telephone: 0131 225 4555.
Authorised by the Prudential Regulation Authority and regulated by the Financial Conduct Authority and the Prudential Regulation Authority under registration number 191240.
This e-mail (including any attachments) is private and confidential and may contain privileged material. If you have received this e-mail in error, please notify the sender and delete it (including any attachments) immediately. You must not copy, distribute, disclose or use any of the information in it or any attachments.
Telephone calls may be monitored or recorded.
TSB Bank plc is covered by the Financial Services Compensation Scheme and the Financial Ombudsman Service
The people behind this spam email have created the email so it appears to come from TSB, a reputable and well trusted bank. This is a typical tactic of a hacker or scammer, to ride on the coat tail of a trusted person or company in order to take advantage of you. As you can see in the image below, the creators of the email have used TSB’s logo to try and appear legitimate and unfortunately, this is how so many viruses circulate rapidly and networks become infected.
Do not click on any links
As you can see in the image above, ‘Offer Document‘ is hyperlinked, and you are encouraged to click on this link in order to view and print the alleged ‘New Mortgage offer’. However, if you click on the link it will take you to a fake Office 365 login page, where you are prompted to login.
We have used this example below to show what will happen if you click on the link. As you may notice the email address that appears in the fake login box will show the email address that the initial spam email was sent to, and this email address will also be at the end of the URL, too. In this example you can see that we have used ‘firstname.lastname@example.org’.
You can also see that the webpage is actually using a South African URL, for a nutrition website. Note in the top left of the URL bar, Google Chrome is also recognising that the website is not secure. All reputable website where you must login should have the padlock symbol to show that it is a secure website.
If you input your credentials into this fake login page, this will be sent to the attacker for them to keep. The danger of this is that attackers can use programs that test your email address and password that they have retrieved against the top 1,000 most common websites, such as social media websites, Amazon, Ebay etc. which could then give them the opportunity to purchase items, spend money and steal more information about you, if your passwords for any other websites are the same as you email login password.
Want to know more tips on how to spot a spam email from a real one? Read our article here.
We recommend spam filtering to all our customers as it stops emails like this from causing potential damage. If you would like to find out more about MailGuard or any of our other cyber security services then either fill in the box below or give one of our friendly team a call on 0115 8 24 25 26.
Keep an eye on our website as we always post updates on major scam emails to ensure all our clients and readers are in the know. We will be updating this page with any developments