![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
ventaI've just got an email, inviting me to visit a website to confirm my log-in details for my internet banking.
It says:
Dear client of the Halifax Internet banking,
Technical services of the bank are carrying out a planned software upgrade for the maximum convenience of the user of online-services of the Halifax Bank. We earnestly ask you to visit the following link and to confirm your bank data:
https://www.halifax-online.co.uk/_mem_bin/FormsLogin.asp?source=halifaxcouk
This instruction has been set to all bank customers and is obligatory to follow.
Now, I don't bank with the Halifax, but we'll let that pass for now.
Out of curiosity, I followed the link. It looks like a reasonably plausible internet banking log-in site, with a handy banner ad warning you of email fraud, and explaining they'll never ask for your bank details via email. Nice touch.
In fact, a bit of checking verifies that it actually takes you to the Halifax' genuine log-in site. If I go to the Halifax' website, and click on "sign-in", it takes me to exactly the URL above.
I've completely failed to understand the point of this spam. If it had taken to me to a mocked-up site, hoping to steal my details, I could have understood. It seems very unlikely that the Halifax are genuinely going for this scatter-shot approach to notifying their customers (in rather poor English) of some changes.
Have I missed something very obvious ? Am I the target of some very clueless, wannabe scammer, who's understood that you're supposed to send out fake bank-mails, but failed to set up the necessary infrastructure to steal details ?
It says:
Dear client of the Halifax Internet banking,
Technical services of the bank are carrying out a planned software upgrade for the maximum convenience of the user of online-services of the Halifax Bank. We earnestly ask you to visit the following link and to confirm your bank data:
https://www.halifax-online.co.uk/_mem_bin/FormsLogin.asp?source=halifaxcouk
This instruction has been set to all bank customers and is obligatory to follow.
Now, I don't bank with the Halifax, but we'll let that pass for now.
Out of curiosity, I followed the link. It looks like a reasonably plausible internet banking log-in site, with a handy banner ad warning you of email fraud, and explaining they'll never ask for your bank details via email. Nice touch.
In fact, a bit of checking verifies that it actually takes you to the Halifax' genuine log-in site. If I go to the Halifax' website, and click on "sign-in", it takes me to exactly the URL above.
I've completely failed to understand the point of this spam. If it had taken to me to a mocked-up site, hoping to steal my details, I could have understood. It seems very unlikely that the Halifax are genuinely going for this scatter-shot approach to notifying their customers (in rather poor English) of some changes.
Have I missed something very obvious ? Am I the target of some very clueless, wannabe scammer, who's understood that you're supposed to send out fake bank-mails, but failed to set up the necessary infrastructure to steal details ?
![[identity profile]](https://www.dreamwidth.org/img/silk/identity/openid.png){kind=small}
no subject
Date: 2005-01-21 04:32 pm (UTC)They probably used it because it won't show up their ISP's firewall as an incoming HTTP connection and is unlikely to be used by anything else.