Halifax customers have been urged to be aware of scammers following a new wave of fake emails that are doing the rounds.
Consumer champions at Which? said the dodgy email links to a copycat website. The scammers have used “convincing” Halifax branding to trick the recipient into believing the message is from the bank.
In the email, Which? says customers are urged to “refresh their contact details” by clicking on a link. This link then takes the customer to a fake Halifax website.
The fraudulent website looks almost identical to the real Halifax webpage and features the branding of the bank. Customers are then asked to enter their Halifax username and password - by doing this, scammers can then get access to your real account.
The fake site then invites you to reset your password and memorable information, or call the bank. After this, users are then instructed to reset their password and memorable information, or call the bank.
iPhone and Android users given warning over 'pig butchering' crypto scamWhich? said the number that appears on the fake webpage is actually the genuine number for Halifax. Halifax told Which? that the scammers most likely included a genuine telephone number “to provide a degree of credibility if anyone suspicious conducts any checks”.
The fake domain flagged by Which? is hlfx-online.com - customers should not visit or enter any details on this website. The genuine website links for Halifax - which are safe to use - are halifax.co.uk for the main webpage, and halifax-online.co.uk for logging into your personal banking. The Mirror has contacted Halifax for comment.
If you think a scammer has got hold of your bank details, contact your bank straight away. You can call the 159 hotline, which will connect you to your bank.
Passwords that have been leaked or compromised should be changed immediately as well. Make sure you report scams and fraud to Action Fraud by calling 0300 123 2040, or through the Action Fraud website. If you're in Scotland, report a scam to Police Scotland on 101 or through Advice Direct Scotland on 0808 164 6000.
If you come across a suspicious website, you can report it to the National Cyber Security Centre (NCSC). You should forward suspicious emails to the NCSC at report@phishing.gov.uk.
Lisa Webb, Which? Consumer Law Expert, said: "It is really concerning that members of the public have been receiving convincing phishing emails from fraudsters posing as Halifax. Which? is seeing a worrying rise in convincing copycat websites that are designed to harvest people's online banking login details.
"It is vital that banks, domain registrars and platforms hosting fraudulent content on websites act fast and work together to get malicious websites removed quickly to limit the spread of these scams. To avoid falling for a phishing scam, don’t click on links in unsolicited emails and texts and look out for suspicious email addresses or phone numbers. If you’re unsure of the authenticity of an email, contact the company in question using details on its official website.”
A Halifax spokesperson said: “Protecting our customers from fraud is our priority, and we actively search for fake websites which try to impersonate our brands. We have taken the appropriate steps to have this website removed, however this also requires prompt action from the registrar hosting the domain itself.
“Fraudsters relentlessly target the customers of large companies, which shows why it is vital that tech firms do more to crack down on the criminals using their platforms to impersonate major brands.”