Well, I didn’t exactly want to start my journal on a bad note, but this could be very important for you Halifax Online Banking users out there. I got an e-mail today from a supposedly customer service from “customerservice (at)halifax.co.uk”, with the Subject being “Invalid Attempt : Access Suspended”.. this was fishy before I even opened the e-mail. It had the logo and looked genuine…. Here is what the message said
Access Suspended:
To protect your accounts, our monitoring process has temporarily suspended your online access.
as a result of invalid attempt by you another person other than you.
it’s strongly advise to enable your account, to avoid account been flagged.
click on “Enable” to continue the process…
and there was an enable button. This didn’t look right, and I have italiced and bolded the bits that were fishy to me, and this is why…
as a result of invalid attempt by you another person other than you.
By who? And it would usually say “an attempt to login to your account, which was unsuccessful”
to avoid account been flagged.
Talk about bad grammar… and wait – They have already flagged me because they have disabled my account.
…
Ok, companies NEVER add these….
So then I came to the enable button. I clicked it and up came what seemed to be the halifax page. But look at the URL (the words in the top of the browser; right now yours would say http://danielpantry.wordpress.com/2008/06/02/halifax-e-mail/
Surely, the address bar should read:
https://www.halifax-online.co.uk/_mem_bin/formslogin.asp?source=halifaxcoukHOME
Right? NO. This one read:
http://www.certcom.de//halifax-online.co.uk/_mem_bin/logon.php
See the difference. Ill walk you through it.
https://
Means Hyper text transfer protocol secure. All [legitimate] online banks should have these to stop hackers. The second URL (link) didn’t have this. It had http://, which means it was obviously not right…
www.certcom.de
Whoa, your telling me that halifax’s login system is being handled by a German company? hmmm…
//
These are never good; It means that these are hidden files. Certcom doesn’t actually know these are here..
halifax-online.co.uk/_mem_bin/logon.php
Here is the clincher. Why would that be there? The proper address is:
halifax-online.co.uk/_mem_bin/formslogin.asp?source=halifaxcoukHOME
they left out the source, the formslogin.asp file and.. well all companies call it LOGIN not LOGON…
be careful! If you feel you got scammed by this e-mail, just call 0870 1200 849 and tell them this url:
http://www.certcom.de//halifax-online.co.uk/_mem_bin/logon.php
and that they have created an exact replica of the login page.
~Dan
PS: That number will cost a maximum of 8p per minute plus a 6p call set-up fee. The price of calls from other telephone companies will vary. Call price is correct at April 2008.
