Leaving aside the domain name and the lack of a secure connection, it is not at all difficult to reproduce the login page of a corporate website. This rule applies to PayPal, Nationwide, Lloyds TSB and most other financial institutions and payment processors.
Another example is a series of emails claiming to be from Discover, one of the most popular direct banks in the United States.
To encourage recipients to click on the links they contain, the fake notifications are based on a classic subject:
Dear Discover Card member,
Your latest Discover card statement is available in the Account Center at Discover.com. With paperless statements, you protect your account and the environment.
Log in to view your statement.
Did you know you can view detailed rewards activity, sort your transactions, view additional transaction details, dispute charges and more on account activity.
Account summary ending August 20, 2012
Statement balance $ 258.06
Available line of credit $ 13,926.00
Minimum payment due $ 84.00
Payment due date September 18, 2012

If such an e-mail is received by a Discover customer, it is likely that the fake numbers in the message do not actually match those in their account.
The cybercriminals who handle this scheme hope to induce a sense of urgency and make the victim quickly click on the link and enter their username and password without giving too much.
Once "Log in" is clicked, all of the data is sent to the scammers, giving them access to the unsuspecting user’s financial assets.
As we mentioned at the start of this review, the easiest way to tell the difference between a fake email and a real one is to go to the website the links are pointing to. If the address doesn’t start with “https”, then something is clearly wrong.