[SC.LUG] Email Scam Alert
Greg Bolshaw
greg at linuxtechnologies.co.uk
Thu Nov 6 23:28:54 GMT 2003
Frank Mitchell wrote:
> I thought I'd alert you to a Bogus Email I received recently. Apparently
> it's from Lloyds TSB, even though I'm not a Lloyds Customer. So I phoned
> Lloyds, who confirmed it wasn't theirs, though they were aware of it. Here's
> a (rough) copy below, and I wouldn't recommend anybody to reply to it:
<snip>
> To verify your e-mail address and access your bank account,
> click on the link below. If nothing happens when you click on the
> link (or if you use AOL), copy and paste the link into
> the address bar of your web browser.
>
> http://www.lloydstsb.com:ac-x6LC0IQr2aBda1XBALgF@LlOyDsG.dA.rU/?LdZJtDp
Yeah, watch out for that. They seem to be going around for most of the
major banks/building societies at the moment. The dead giveaway is the
":" in the URL. The above link actually breaks down to the following:
http:// - the protocol
www.lloydstsb.com - username
: - username/password seperator
ac-x6LC0IQr2aBda1XBALgF - password
@ - login/host seperator
LlOyDsG.dA.rU/?LdZJtDp - the *actual* URL
...very much the same as ftp://username:password@ftpsite.com.
Greg
More information about the SC
mailing list