Skip to main content

Beware: "Halifax Classic" phishing mail doing the rounds

Chris Boyd, malware intelligence analyst at Malwarebytes, warns about a phish email that claims to be from Halifax, saying that the bank’s website has been given an overhaul.

Your banking website is dead, long live the banking website!

That’s the general gist from a sneaky phish mail doing the rounds, as scammers take the somewhat drastic step of claiming an entire bank’s website has been given an overhaul. The email, which claims to be from Halifax, claims a brand new version of their website will replace the “classic” version:

Halifax scam email

Things you won’t be having if you click links such as the above: a great day.

There was a mail in circulation a few months back – also a Halifax phish – focusing on a database update. What is it with scammers and Halifax product and service updates?

Anyway, the site was already being flagged by browsers for phishing when we tested a little earlier.

For anybody using a browser with their anti-phishing turned off (or a browser which didn’t detect the above phish) there was even better news – the page has been taken down, so no chance of any further identity theft and / or card fraud taking place on this occasion.

We can’t give a rundown of all the data the phishers were looking for due to the site being taken down speedily, but as per this Phishtank page they wanted usernames and passwords at a bare minimum.

If you’ve been caught out by this particular mail you should contact your bank as soon as possible. The above phish may be offline, but the promise of somewhat extravagant website redesigns used as bait in other emails remains.