An SMS message takes a different approach, saying that a ‘New device attempted to set up a payee to [your account]. If this was NOT you visit [the fake website]’.
Both are designed to make you worry and they're convincing enough for you to click on the button or link and go to the fake Lloyds website, which is a surprisingly good imitation of the real thing.
The website address shown in the text message was down when we tried to visit the URL, but it doesn’t take much for the criminals to set up a new address for the fake site when others get taken down.
The links take you through the login process and, if you fell for the trick, you’d hand over enough information for the scammers to log into your real Lloyds account and empty it.
The scam has been running for months. Lloyds Bank confirmed on Twitter that the communications were fake and asks any customers who receive anything like this to email it to its fraud team.
Hi Becca. Thanks for getting in touch. This isn't a genuine message from us; it's a scam. If possible, could you please forward this email or text message to us at: [email protected]— Lloyds Bank (@LloydsBank) August 18, 2020
Good security software - or even just a free web browser extension from one the well-known antivirus companies - will warn you when you're about to visit a dodgy website.
“Hackers often hijack the branding of legitimate companies in order to steal confidential financial data from unsuspecting victims.” commented Chris Ross, SVP International of Barracuda Networks.
“These scams can be very convincing, making use of official logos, wording, and personalised details to lull the individual into a false sense of security. In most cases, the victim will be directed to a fraudulent but realistic looking website, where they are urged to enter account details, passwords, security codes and PIN numbers.”
“Phishing attacks like this pose a huge risk both to individuals and the companies they work for, especially if hackers gain access to a business bank account. Tackling this problem requires robust policies and procedures as well as the latest email security systems in place to identify and block these scams before they reach the inbox.”
Donal Blaney, Principal, Griffin Law, added “Banks and the police need to do far more to protect vulnerable members of the public from these scams. They have the money to do so. Why aren’t they doing more?”
There are lots of other phishing emails around: here are coronavirus scams you should know about.