The Gates Are Open, Phishers Welcome

I’m probably naive, but I’m gobsmacked that, nearly 24 hours later, a phishing website is still active despite my alerting the registrar and host of the domain in question. The only access was via a form so I’m not able to record my email to them but it was shortly after I posted the comment above.

I’ve not been able to contact the bank in question because there’s no media contact that I can find on their website. The scam has been recorded here and the Halifax website seems to be down so perhaps something is happening. But why is the original phishing site still up? And why don’t banks have an easy way for members of the public (or journalists, for that matter) to alert them to such scams? Millers Miles, which records phishing attacks, has recorded more than a dozen against the Halifax in the past year. 

technorati tags: ,

Phishing and the Peril of Fonts

I’m amazed at how lax domain registrations still are, despite the fact that phishing is now so much a household word that even my mum’s heard of it. But here’s another trick being used to try to dupe those people who still remain gullible: change the “o” in online to “c” because in many email readers it will look more or less the same:


Which it does, actually. Quite a neat trick, if you like that kind of thing. (There really is a Halifax Online, and the website address is exactly the same, minus the o/c thing. Even the homepage is the same Javascript login page as above, and everything looks the same minus a note at the bottom saying the bank never asks for personal details via email.)  Clicking on this link will take you to a webpage, that, surprise, surprise, looks very much like the UK’s Halifax Building Society:


I haven’t investigated it further, but I’m assuming the data entered quickly finds its way into the pockets of scumbags, and there’s probably some other nice bits and bobs being loaded onto one’s computer as it happens. The site is still live as of writing, with the address in the first screenshot above.

What amazes me is that the registrar won’t bat an eyelid at what is obviously a very dodgy domain name — Halifax being quite a well-known brand in the UK — and, indeed, even accepts the registration as a “private” one, and therefore allows the person registering the domain to not submit any address or phone number:

The registrant is a non-trading individual who has opted to have their address omitted from the WHOIS service.

The registrar in this case is PIPEX Communications Hosting Ltd, also known as, whom I’ve asked to comment on this. Halifax is also being told about it, just in case they don’t know.

Phishers Force UK Banks To Delay Transfers

Another sign that phishing is taking its toll on the quality of service banks can offer online customers: The Times reports that UK banks are introducing delays in intra-bank payments to try to combat fraudulent transfers caused by phishing attacks:

This week Barclays introduced a one-day delay for transfers. A spokeswoman said: “This delay enables us to carry out checks that seek to prevent fraud.” Halifax also introduced delays in the processing of payments this week, as have Royal Bank of Scotland and NatWest, The Times reports today.

Interesting. Inevitable, perhaps, but this degradation in service can only force some customers back to the physical banks, or to less appealing and less cost-effective services like phone-banking. Running checks on every Internet transfer is going to be time-consuming and expensive for banks. What does this do to banks’ hopes that online banking would effectively replace the high street bricks-and-mortar model?