People in the UK are being targeted by a new phishing scam designed to trick victims into handing over details of their HSBC bank account.
The scam, discovered by litigation specialists Griffin Law, begins with a bogus text message that claims to be from the banking and finance giant informing the receiver that a new payment has been made through the HSBC app on their phone.
The user is then told that, if they are not responsible for the payment, they should visit the site “Security.hsbc.confirm-systems.com” to validate their bank account, before being directed to a fake landing page which asks for their username and password, followed by a series of verification steps.
The fraudulent site, which uses official HSBC branding, then asks for specific account details and personal data of the individual.
Griffin Law claimed that almost 50 people have come forward to say they have received the text message so far, with some able to identify the scam due to the fact they do not have a HSBC app installed on their phone. Thankfully, thus far, there have been no current reports of the scam being successful, according to Griffin Law.
Chris Ross, SVP, Barracuda Networks, said: “This is the latest in a long line of increasingly sophisticated phishing scams, designed to trick the victim into handing over their personal financial details.
“Increasingly, we are seeing examples of cyber-criminals using the branding of major banks to create realistic-looking fake websites, in order to extract personal financial information.”
When it comes to tackling the problem, all companies and users must remain vigilant of such scams, he added.
“SMS messages are often used by criminals to catch workers off-guard, using their personal mobile number. Ensuring security awareness within the workforce is critical, and it’s important that all employees are trained about how these schemes operate as well as how SMS messages can be exploited as part of a wider phishing scheme designed to steal company funds and data.”
Source: Infosecurity Magazine