Lloyds TSB Bank

Garreg Ddu

Gweinyddwr
Staff member
Received: from smtp20.orange.fr ([80.12.242.27]) by bay0-mc9-f12.bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.2668); Fri, 3 Oct 2008 22:46:45 -0700

Origin IP Address = 80.12.242.27 = MAIL-ESSENTIALS-FRANCE, Mail Essentials Project, Orange Technical Role, FRANCE TELECOM/SCR, 48 rue Camille Desmoulins, 92791 ISSY LES MOULINEAUX CEDEX 9, FRANCE abuse@orange.fr

Received: from smtp20.orange.fr (mwinf2016 [172.22.130.116]) by mwinf2010.orange.fr (SMTP Server) with ESMTP id 4E09A1C00D3A; Sat, 4 Oct 2008 03:23:07 +0200 (CEST)
Received: from User (wvps212-241-221-95.vps.webfusion.co.uk [212.241.221.95]) by mwinf2016.orange.fr (SMTP Server) with ESMTP id CC0F51C00094; Sat, 4 Oct 2008 03:23:05 +0200 (CEST)

Reply-To: <services@lloydstsb.com>
From: "Lloydstsb Bank" <services@lloydstsb.com>
Return-Path: services@lloydstsb.com


From: Lloydstsb Bank
Sent: Saturday, October 04, 2008 2:23 AM
To: undisclosed-recipients:
Subject: Important - Case ID Number:253-029-076.



Security Alert

As part of our security measures, we regularly screen activity in the Lloyds TSB system. We recently contacted you after noticing an issue on your account.We requested information from you for the following reason:

We have reason to believe that your account was accessed by a third party. Because protecting the security of your account is our primary concern, we have limited access to sensitive Lloyds TSB account features. We understand that this may be an inconvenience but please understand that this temporary limitation is for your protection. Case ID Number:253-029-076.

In accordance with Lloyds TSB's User Agreement, your account access will remain limited until the issue has been resolved. Unfortunately, if access to your account remains limited for an extended period of time, it may result in further limitations or eventual account closure. We encourage you to log in to your Lloyds TSB account as soon as possible to help avoid this.

Please follow the link below and fill in the necessary requirements to ensure account safety.

https://online.lloydstsb.co.uk/customer.ibc Redirected link to Phishing site still active.

Yours Sincerely



Anita Hockin
Head Of Internet
Start banking
online today at www.lloydstsb.com
 

Dororo

Administrator
Staff member
There is no link. :confused:

Return-Path: <ew534445@zandweg-oostwaard.nl>
Received: from [77.95.248.149] Netherlands, Gelderland Internet Exchange - Dedicated Servers,
Subject: IMPORTANT NOTICE: Secure Your Account Information
From: Lloyds TSB Bank <alert.customers@lloydstsb.com>
Date: Sat, 04 Oct 2008


Lloyds TSB home

Dear Lloyds TSB Customer,


We have implemented security measures consistent with our internal information security practices to help us keep your information secure. These measures include technical and procedural steps to protect your data from misuse, access or disclosure, loss, alteration or destruction.

One of these security measures is to prevent an unauthorized access and data modification, Lloyds TSB Bank Plc offers a multistage security system including specially developed user authorization mechanism, regulations on user access rights, secure data transmission protocol (SSL), security certificate, as well as other security guarantees. You should complete Lloyds TSB banking update on a regular basis.

Click on "NEXT" to complete Lloyds TSB Bank plc update.

Lloyds TSB BankSecureâ„¢.
 

Garreg Ddu

Gweinyddwr
Staff member
The link in this scam is known by Netcraft and is already in McAfee SiteAdvisor

Received: from cp9.hostingshop.com.au ([202.60.64.26]) by bay0-mc5-f21.bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.2668);
Sat, 25 Oct 2008 06:53:40 -0700

Origin IP Address = 202.60.64.26 = Dedicated Servers, www.dedicatedservers.net.au - Jon Eaves, L6 20 Wharf St, Brisbane, QUEENSLAND 4000, AUSTRALIA.

Received: from nobody by cp9.hostingshop.com.au with local (Exim 4.63)(envelope-from <nobody@cp9.hostingshop.com.au>) id 1KtjZp-0007AP-JK for ********@hotmail.com; Sat, 25 Oct 2008 23:53:13 +1000
To: ********@hotmail.com
Subject: Important Security Review
From: Lloyds TSB <onlinesecurity@lloydsTSB.co.uk>
Reply-To:
Date: Sat, 25 Oct 2008 23:53:13 +1000
Return-Path: nobody@cp9.hostingshop.com.au




Dear Valued Customer,

- Our new security system will help you to avoid unauthorized access to your account and keep your investment safe.

- Due to technical maintenance we need you to reactivate your account.

Please click the link below to proceed

https://online.lloydstsb.co.uk/customer.ibc Phishing site has been removed by the host ISP already.


We appreciate your business.It's truly our pleasure to serve you.

Lloyds TSB Customer Service



Programs and data held on this system belong or are licensed to Lloyds TSB Bank plc and Lloyds TSB Scotland plc. It is an offence to access the programs and data unless you are doing so through your own account using the Passwords and User ID issued to you by Lloyds TSB Bank plc and Lloyds TSB Scotland plc in an authorised manner and in accordance with all applicable laws.
 

Garreg Ddu

Gweinyddwr
Staff member
Even worse than the usual scammer bad spelling and grammar.

Received: from smtpq2.gn.mail.iss.as9143.net ([212.54.34.165]) by bay0-mc6-f19.bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.2668); Tue, 28 Oct 2008 11:57:57 -0700
Received: from [212.54.34.139] (port=33964 helo=smtp8.gn.mail.iss.as9143.net) by smtpq2.gn.mail.iss.as9143.net with esmtp (Exim 4.69) (envelope-from <securityadvisory@lloyds.com>) id 1KutfM-0000X7-Dw; Tue, 28 Oct 2008 19:51:44 +0100
Received: from [84.27.55.28] (helo=User) by smtp8.gn.mail.iss.as9143.net with smtp (Exim 4.69) (envelope-from <securityadvisory@lloyds.com>) id 1KutfK-0007tD-2y; Tue, 28 Oct 2008 19:51:42 +0100

Origin IP Address = 84.27.55.28 = AtHome Benelux Network Operations Centre, Gyroscoopweg 90-92, 1042 AX Amsterdam,Netherlands

From: "Lloyds TSB"<securityadvisory@lloyds.com>
Subject: Lloyds TSB Security Advisory Alert: Online Banking Update.
Date: Tue, 28 Oct 2008 19:50:07 +0100
Bcc:
Return-Path: securityadvisory@lloyds.com


We recently determined that various computers connect on your account Lloyds TSB, Password and of multiples checs taient present before connection. We now need assure you again information of your Lloyds TSB account. If this n' d' is not completed; here on October 29, 2008, we will be constrained to suspend your account indefinitely, Because it can have uses d' fraudulent ends. We thank you for your comprehention in this manner. To confirm your online banking of the files, click on the following bond:

Click Here Link is disabled - still active but reported to McAfee SiteAdvisor and NetCraft.

Thank you for your patience. Lloyds TSB service customers. S' you like it do not answer has this e-mail because c' is only one notification. Email to send has this address cannot be answered. 1999-2008 Lloyds TSB. All rights reserved
 

Garreg Ddu

Gweinyddwr
Staff member
Same source IP Address, text and errors as previous post, but as the site in that post has been shut down by the host ISP, the criminal has tried to run the scam again with a different "Phishing" site. No doubt this new site will be found and removed by the host ISP in a few hours time as well.

Received: from smtpq1.gn.mail.iss.as9143.net ([212.54.34.164]) by bay0-mc7-f9.bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.2668); Wed, 29 Oct 2008 12:34:51 -0700
Received: from [212.54.34.138] (port=42366 helo=smtp7.gn.mail.iss.as9143.net) by smtpq1.gn.mail.iss.as9143.net with esmtp (Exim 4.69) (envelope-from <securityadvisory@lloyds.com>) id 1KvGoS-00018u-Sh; Wed, 29 Oct 2008 20:34:40 +0100
Received: from [84.27.55.28] (helo=User) by smtp7.gn.mail.iss.as9143.net with smtp (Exim 4.69) (envelope-from <securityadvisory@lloyds.com>) id 1KvGoP-00054X-TF; Wed, 29 Oct 2008 20:34:37 +0100

Origin IP Address = 84.27.55.28 = AtHome Benelux IP Management, Gyroscoopweg 90-92, 1042 AX Amsterdam, The Netherlands


From: <securityadvisory@lloyds.com>
Subject: WARNING ! Your online banking profile has been locked
Date: Wed, 29 Oct 2008 20:34:38 +0100
Bcc:
Return-Path: securityadvisory@lloyds.com


We recently determined that various computers connect on your account Lloyds TSB, Password and of multiples checs taient present before connection. We now need assure you again information of your Lloyds TSB account. If this n' d' is not completed; here on October 29, 2008, we will be constrained to suspend your account indefinitely, Because it can have uses d' fraudulent ends. We thank you for your comprehention in this manner. To confirm your online banking of the files, click on the following bond:

Click Here Link disabled as still active. In NetCraft, McAfee SiteAdvisor and PhishTank.

Thank you for your patience. Lloyds TSB service customers. S' you like it do not answer has this e-mail because c' is only one notification. Email to send has this address cannot be answered. 1999-2008 Lloyds TSB. All rights reserved
 

Garreg Ddu

Gweinyddwr
Staff member
Received: from smtpout24.attiva.biz ([85.37.16.25]) by bay0-mc11-f17.bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.2668); Wed, 29 Oct 2008 20:24:24 -0700
Received: from FBCMFE02B22.fbc.local ([192.168.30.31]) by smtpout24.attiva.biz with Microsoft SMTPSVC(6.0.3790.1830); Thu, 30 Oct 2008 04:24:26 +0100
Received: from User ([80.183.102.115]) by FBCMFE02B22.fbc.local with Microsoft SMTPSVC(6.0.3790.1830); Thu, 30 Oct 2008 04:24:25 +0100

Origin IP Address = 80.183.102.115 = Telecom Italia S.p.A. TIN EASY LITE, MDBLAB, Val Cannuta, 250, Roma, Italy

From: <securityadvisory@alert.lloyds.com>
Subject: IMPORTANT - Regarding Your Lloyds Account
Date: Thu, 30 Oct 2008 04.24.24 +0100
Bcc:
Return-Path: securityadvisory@alert.lloyds.com




DEAR CUSTOMER,
Lloyds TSB is pleased to notify our online banking customers that
we have successfully upgraded to a more secure and encrypted
SSL servers to serve our esteemed customers for a better and
more efficent banking services in the year 2008.
Due to this recent upgrade you are requested to update your
account information by following the reference below. using our
new secure and safe SSL servers. To validate your online banking account
click on Update Online Banking . Link disabled as still active, but in NetCraft and McAfee SiteAdvisor already
Thank you.
Lloyds TSB Online Banking Security Team
2008 Lloyds TSB internet Banking . All rights reserved. Version 1.0 31w23m3
 

Garreg Ddu

Gweinyddwr
Staff member
Similar to post #27 above, but with a different date and "Phishing" site.

Received: from smtpq2.tb.mail.iss.as9143.net ([212.54.42.165]) by bay0-mc9-f1.bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.2668); Sat, 1 Nov 2008 12:45:45 -0700
Received: from [212.54.42.132] (port=46301 helo=smtp1.tb.mail.iss.as9143.net) by smtpq2.tb.mail.iss.as9143.net with esmtp (Exim 4.69) (envelope-from <securityadvisory@lloyds.com>) id 1KwMPJ-0006Ft-Kn; Sat, 01 Nov 2008 20:45:13 +0100
Received: from [84.27.55.28] (helo=User) by smtp1.tb.mail.iss.as9143.net with smtp (Exim 4.69) (envelope-from <securityadvisory@lloyds.com>) id 1KwMOs-0007jB-Mx; Sat, 01 Nov 2008 20:44:46 +0100

Origin IP Address = 84.27.55.28 = AtHome Benelux Network Operations Centre, Gyroscoopweg 90-92, 1042 AX Amsterdam,The Netherlands Please report abuse by e-mail to abuse@home.nl

From: <securityadvisory@lloyds.com>
Subject: {Spam?} Notification: Verify Your Account Details
Date: Sat, 1 Nov 2008 20:44:50 +0100
Bcc:
Return-Path: [securityadvisory@lloyds.com]



We recently determined that various computers connect on your account Lloyds TSB, Password and of multiples checs taient present before connection. We now need assure you again information of your Lloyds TSB account. If this n' d' is not completed; here on November 3, 2008, we will be constrained to suspend your account indefinitely, Because it can have uses d' fraudulent ends. We thank you for your comprehention in this manner. To confirm your online banking of the files, click on the following bond:

>>> Click Here <<< Link disabled as still active. Reported to NetCraft and McAfee SiteAdvisor and in the PhishTank.

Thank you for your patience. Lloyds TSB service customers. S' you like it do not answer has this e-mail because c' is only one notification. Email to send has this address cannot be answered. 1999-2008 Lloyds TSB. All rights reserved
 

Garreg Ddu

Gweinyddwr
Staff member
Received: from server93.greatnet.de ([83.133.96.210]) by bay0-mc3-f18.bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.2668); Sat, 1 Nov 2008 16:27:00 -0700

Origin IP Address = 83.133.96.210 = Greatnet New Media, Brentenstrasse 4a, D-83734 Hausham, Germany - abuse@greatnet.de

Received: from localhost (localhost.localdomain [127.0.0.1]) by server93.greatnet.de (Postfix) with ESMTP id 12CAE11AAA1F for <********@hotmail.com>; Sat, 1 Nov 2008 23:37:02 +0100 (CET)
Received: from server93.greatnet.de ([127.0.0.1]) by localhost (server93.greatnet.de [127.0.0.1]) (amavisd-new, port 30) with ESMTP id iAomNon92Rto for <********@hotmail.com>; Sat, 1 Nov 2008 23:37:01 +0100 (CET)
Received: by server93.greatnet.de (Postfix, from userid 776) id 6FA88A57C7C; Sat, 1 Nov 2008 23:01:30 +0100 (CET)
To: ********@hotmail.com
Subject: ATTENTION - Customer Service Message
From: LloydsTSB Bank <services@lloydstsb.com>
Reply-To:
Date: Sat, 1 Nov 2008 23:01:30 +0100 (CET)
Return-Path: web80@server93.greatnet.de


Security Alert

As part of our security measures, we regularly screen activity in the Lloyds TSB system. We recently contacted you after noticing an issue on your account.We requested information from you for the following reason:

We have reason to believe that your account was accessed by a third party. Because protecting the security of your account is our primary concern, we have limited access to sensitive Lloyds TSB account features. We understand that this may be an inconvenience but please understand that this temporary limitation is for your protection. Case ID Number:253-029-076.

In accordance with Lloyds TSB's User Agreement, your account access will remain limited until the issue has been resolved. Unfortunately, if access to your account remains limited for an extended period of time, it may result in further limitations or eventual account closure. We encourage you to log in to your Lloyds TSB account as soon as possible to help avoid this.

Please follow the link below and fill in the necessary requirements to ensure account safety.

https://online.lloydstsb.co.uk/customer.ibc Which hides a re-direct to the "Phishing site and is disabled as the "Phish" is still active. Reported to NetCraft, McAfee and in the "PhishTank".

Yours Sincerely



Anita Hockin
Head Of Internet
Start banking
online today at www.lloydstsb.com
 

Garreg Ddu

Gweinyddwr
Staff member
Received: from smtp2.execulink.net ([69.63.44.83]) by bay0-mc11-f21.bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.2668); Fri, 31 Oct 2008 23:40:18 -0700
Received: from User (dsl2458.rba1.pppoe.execulink.com [209.213.255.164]) by smtp2.execulink.net (8.13.1/8.13.1) with SMTP id mA16gQL3013340; Sat, 1 Nov 2008 02:42:27 -0400

Origin IP Address = 209.213.255.164 = Execulink Internet Services Corporation, 619 Main Street North, PO Box 130, Burgessville, ON N0J-1C0, CANADA

From: <Lloyds@nit.it>
Subject: Notification: Verify Your Account Details
Date: Sat, 1 Nov 2008 02:39:31 -0400
Bcc:
Return-Path: Lloyds@nit.it


Verify Your Account Details
--------------------------------------------------------------------------------


As part of measures of ensuring a safer and more secure Banking environment. We have re-structured our Banking servers .

Hence, we have decided to put an extra verification process to ensure your identity and account information is protected.

Please click on continue, to the verification process and ensure your Account information is entered correctly to get verified.

It is all about your security.


Thank you.

Continue To Online Banking Link in NetCraft and McAfee site advisor and still active but should die soon.



Remember : Lloyds TSB will never ask for your ATM PIN
--------------------------------------------------------------------------------

TCF Bank, N.A. Member FDIC. Equal Housing Lender
2007 Lloyds TSB internet Banking. All rights reserved
 

Garreg Ddu

Gweinyddwr
Staff member
Received: from lon-gs4dmrelay.mistral.net ([217.154.246.189]) by bay0-mc3-f21.bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.2668); Fri, 31 Oct 2008 21:10:29 -0700
Received: from adsl-wan-217-154-29-192.mistral.co.uk ([217.154.29.192] helo=User) by lon-gs4dmrelay.mistral.net with smtp (Exim 4.51) id 1Kw7UR-0004SK-7z; Sat, 01 Nov 2008 03:50:20 +0000

Origin IP Address = 217.154.29.192 = Mistral Hostmaster, Mistral Internet Group Limited, 5th Floor, Tower Point, 44 North Road, Brighton, East Sussex BN1 1YR, UK abuse@mistral.net

Reply-To: <securityadvisory@lloyds.co.uk>
From: "Lloyds TSB"<securityadvisory@lloyds.co.uk>
Subject: Lloyds TSB Security Advisory Alert: Online Banking Update.
Date: Sat, 1 Nov 2008 04:09:39 -0000
Bcc:
Return-Path: securityadvisory@lloyds.co.uk




DEAR CUSTOMER,
Lloyds TSB is pleased to notify our online banking customers that
we have successfully upgraded to a more secure and encrypted
SSL servers to serve our esteemed customers for a better and
more efficent banking services in the year 2008.
Due to this recent upgrade you are requested to update your
account information by following the reference below. using our
new secure and safe SSL servers. To validate your online banking account
click on Update Online Banking .

The "Phishing" site has been removed by the host already, after being flagged by McAfee and NetCraft.

This Email has being sent to all our Bank customers, and it is
compulsory to follow as failure to verify account details will lead to
account suspension.



Thank you.
Lloyds TSB Online Banking Security Team
2008 Lloyds TSB internet Banking . All rights reserved. Version 1.0 31w23m3
 

Garreg Ddu

Gweinyddwr
Staff member
Received: from cube4.cubit.at ([80.78.232.73]) by bay0-mc2-f4.bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.2668); Sun, 26 Oct 2008 09:02:15 -0700

Origin IP Address = 80.78.232.73 = Globalcore Hostmaster, Globalcore AG, Albertgasse 43, A-1080 Wien, AUSTRIA


Date: Sun, 26 Oct 2008 17:02:13 +0100
To: *******@hotmail.com
Subject: Update Your Contact Information
From: Lloyds Tsb <onlinebanking@alert.lloydstsb.com>
Reply-To: donotreply@lloydstsb.com


Message From Customer Service.

Technical Service are carrying out a planned software upgrade and we earnestly ask you to visit the following link to state the procedure of confirmation on customers data.


Click here to update your profile "Phishing" site is dead already.


Thank you for your prompt attention to this matter.

We apologize for any inconvenience.



If you feel you have received this message in Error please ignore it


--------------------------------------------------------------------------------

Please do not reply to this e-mail. Mail sent to this address cannot be answered.
 

Garreg Ddu

Gweinyddwr
Staff member
Idebtical text to Post #23 above but with different email addresses:

Received: from mail.cg.yu ([195.66.191.243]) by bay0-mc8-f5.bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.2444); Sat, 25 Oct 2008 16:00:15 -0700
Received: (qmail 2795 invoked from network); 25 Oct 2008 23:00:13 -0000
Received: from adsl-lns1-l2664.crnagora.net (HELO fato?ul@cg.yu) (85.94.106.104) by cg.yu with SMTP; 25 Oct 2008 23:00:13 -0000

Origin IP Address = 85.94.106.104 = TCom ME admin, Moskovska 29, Podgorica, Montenegro

Reply-To: "LloydsTSB" <info@lloydstsb-log-customers.com>
From: "LloydsTSB" <info@hi5.com>
To: <********@hotmail.com>
Subject: Account Security Alert
Date: Sat, 25 Oct 2008 10:56:30 +0200
Return-Path: [info@hi5.com ]



Security Alert

As part of our security measures, we regularly screen activity in the Lloyds TSB system. We recently contacted you after noticing an issue on your account.We requested information from you for the following reason:

We have reason to believe that your account was accessed by a third party. Because protecting the security of your account is our primary concern, we have limited access to sensitive Lloyds TSB account features. We understand that this may be an inconvenience but please understand that this temporary limitation is for your protection. Case ID Number:253-029-076.

In accordance with Lloyds TSB's User Agreement, your account access will remain limited until the issue has been resolved. Unfortunately, if access to your account remains limited for an extended period of time, it may result in further limitations or eventual account closure. We encourage you to log in to your Lloyds TSB account as soon as possible to help avoid this.

Please follow the link below and fill in the necessary requirements to ensure account safety.

https //online lloydstsb co uk/customer ibc "Phishing" site has been removed by the host ISP already.

Yours Sincerely



Anita Hockin
Head Of Internet
Start banking
online today at [www lloydstsb com]
 

Garreg Ddu

Gweinyddwr
Staff member
This may be a little premature as the proposed merge of Halifax BOS and Lloyds TSB is not finalised yet.....

Received: from smtp21.orange.fr ([80.12.242.46]) by bay0-mc10-f7.bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.2668); Sat, 8 Nov 2008 02:51:49 -0800
Received: from smtp21.orange.fr (mwinf2109 [10.232.7.37]) by mwinf2105.orange.fr (SMTP Server) with ESMTP id EB6DC1C04221; Sat, 8 Nov 2008 11:51:46 +0100 (CET)
Received: from User (s15320755.domainepardefaut.fr [82.165.45.157]) by mwinf2109.orange.fr (SMTP Server) with ESMTP id 082D01C00084; Sat, 8 Nov 2008 11:51:42 +0100 (CET)

Origin IP Address = 82.165.45.157 = Schlund NCC, 1&1 Internet AG, Brauerstrasse 48, D-76135 Karlsruhe, Germany

From: <alert@halifax.com>
Subject: Your Lloyds TSB Account has been locked
Date: Sat, 8 Nov 2008 11:51:46 +0100
To: undisclosed-recipients:;
Return-Path: <alert@halifax.com>
Sent: Saturday, November 08, 2008 10:51 AM



Account Locked !
Dear Lloyds TSB Customer,

Due to the number of incorrect login attempts, your Lloyds TSB Account has been locked for your security. This has been done to secure your accounts and to protect your private information in case the login attempts were not done by you..
At Lloyds TSB Bank we care about your security so, for your protection we are proactively notifying you of this activity.

If you did not trigger this lockout, follow this link to Log on to your Lloyds TSB Online Account :

Click here to unlock your account Phishing site still active, but flagged by NetCraft and submitted to McAfee SiteAdvisor.

Thank you for your prompt attention to this matter.

We apologize for any inconvenience.
Thank you for using Lloyds TSB !
Please do not reply to this e-mail. Mail sent to this address cannot be answered.
 

Garreg Ddu

Gweinyddwr
Staff member
Exactly as it was received in the inbox. Another incompetent Nigerian criminal who can't compose an email properly!

Received: from ns2.wehostyou.co.uk ([212.115.42.58]) by bay0-mc2-f2.bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.2668); Sat, 8 Nov 2008 02:22:35 -0800
Received: by ns2.wehostyou.co.uk (Postfix, from userid 398) id C83AA3F9FE; Sat, 8 Nov 2008 10:22:34 +0000 (GMT)
To: <********@hotmail.com>
Subject: Important Notice!!! Account Security Alert!!!
X-PHP-Script: Theboardgamezone.com//ray/modules/global/inc/header.inc.php for 41.219.221.57

Origin IP Address = 41.219.221.57 = STARCOMMS, NAVNEET SINGH, Plot 1261, Bishop Kale Close, off Saka Tinubu, Victoria Island, Lagos, Nigeria

From: Lloyds TSB Internet Banking <sec.alert@lloydstsb.com>
Reply-To:
Date: Sat, 8 Nov 2008 10:22:34 +0000 (GMT)
Return-Path: httpd@ns2.wehostyou.co.uk



<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>

<body>
<TABLE cellSpacing=0 cellPadding=0 width=600 align=center border=0>
<TBODY>
<TR vAlign=top>
<TD style="FONT-SIZE: 12px; COLOR: #000000; FONT-FAMILY:
verdana,arial,helvetica,sans-serif"
width=400><TABLE cellSpacing=0 cellPadding=5 width="100%" border=0>
<TBODY>
<TR vAlign=top>
<TD style="FONT-SIZE: 12px; COLOR: #000000; FONT-FAMILY:
verdana,arial,helvetica,sans-serif"><p><img src="http://www.lloydstsb.com/media/lloydstsb2004/new_homepage_images/for_the_journey_logo.jpg"
border=0></A></p>
<BR>
<TABLE cellSpacing=0 cellPadding=0 width="100%" border=0>
<TBODY>
<TR>
<TD class=pp_heading align=left><div
align="center"><BR>
<strong>Account Locked !</strong></div></TD>
</TR>
</TBODY>
</TABLE></TD>
</TR>
<TR>
<TD
style="FONT-SIZE: 12px; COLOR: #000000; FONT-FAMILY:
verdana,arial,helvetica,sans-serif"><BR>
Dear Lloyds TSB Member, <BR>
<BR>
Due to the number of incorrect login
attempts, your Lloyds TSB Account has been locked for your security.
This has been done to secure your accounts
and to protect your private information in case the login
attempts were not done by you..
<BR>
At Lloyds TSB Bank we care about your
security so, for your protection we are proactively notifying you of this activity. <BR>
<BR>
If you did not trigger this lockout,
follow this link to Log on to your Lloyds TSB Online Account :
<BR>
<TABLE cellSpacing=0 cellPadding=1 width="75%" align=left
border=0>
<TBODY>
<TR>
<TD style="FONT-SIZE: 12px; ; FONT-FAMILY:
verdana,arial,helvetica,sans-serif"><TABLE cellSpacing=0
cellPadding=4 width="100%" align=center

border=0>
<TBODY>

<TR>

<TD class=pp_sansserif align=middle><A
href="http www ruhrpott roughnexx de vwar aa customer.htm" Link disabled as still active. Already in NetCraft and McAfee SiteAdvisor.
target=_blank>Click
here to unlock your account</A></TD>
</TR>
</TBODY>
</TABLE></TD>
</TR>
</TBODY>
</TABLE>
<P><BR>
<BR>
<BR>
Thank you for your prompt attention to this matter.<BR><BR>
We apologize for any inconvenience.<BR><BR><BR><BR>
Thank you for using Lloyds TSB! </P></TD>
</TR>
<TR>
<TD style="FONT-SIZE: 12px; COLOR: #000000; FONT-FAMILY: verdana,arial,helvetica,sans-serif"><HR class=dotted>
</TD></TR><TR><TD style="FONT-SIZE: 12px; COLOR: #000000FONT-FAMILY: verdana,arial,helvetica,sans-serif"><TABLE cellSpacing=0 cellPadding=0 width="100%" border=0>
<TBODY><TR><TD class=pp_footer><font size="2" face="Arial, Helvetica, sans-serif"><font color="#999999" size="1">Please do not reply to this e-mail. Mail sent to this address cannot be answered.</font></TD><TR><TD style="FONT-SIZE: 12px; COLOR: #000000; FONT-FAMILY:verdana,arial,helvetica,sans-serif"><IMG height=10 src="http://images.paypal.com/en_US/i/scr/pixel.gif" width=1 border=0></TD> </TR> </TBODY> </TABLE></TD> </TR> <TR> <TD style="FONT-SIZE: 12px; COLOR: #000000; FONT-FAMILY: verdana,arial,helvetica,sans-serif"><BR> <SPAN class=pp_footer></SPAN></TD> </TR> </TBODY> </TABLE></TD> </TR> </TBODY> </TABLE> </body> </html>
<!-- text below generated
by server. PLEASE REMOVE --><!-- Counter/Statistics data collection code --><script language="JavaScript" src="http://hostingprod.com/js_source/geov2.js"></script><script language="javascript">geovisit();</script><noscript><img src="http://visit.webhosting.yahoo.com/visit.gif?us1142376053"
alt="setstats" border="0" width="1" height="1"></noscript>
<IMG SRC="http://geo.yahoo.com/serv?s=76001524&t=1142376053&f=p6w8"
ALT=1 WIDTH=1 HEIGHT=1>
 

Garreg Ddu

Gweinyddwr
Staff member
Short new format from Thailand:

X-SID-PRA: Lloyds TSB Bank <onlineservice.info@lloydstsb.com>
Received: from ns1.itpart.com ([202.44.52.38]) by bay0-mc8-f21.bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.2668); Thu, 4 Dec 2008 14:07:16 -0800

Origin IP Address = 202.44.52.38 = World Internetwork Co.,Ltd., 22/1 Moo2 Sumrongtai Prapradang Samutprakan 10130, Thailand.


Date: Thu, 04 Dec 2008 20:38:39 +0700
Subject: Your Lloyds TSB Online Password and Memorable Word is revoked..
To: *******@hotmail.com
From: Lloyds TSB Bank <onlineservice.info@lloydstsb.com>
Reply-To: Lloyds TSB Bank <onlineservice.info@lloydstsb.com>
Return-Path: onlineservice.info@lloydstsb.com




Your Lloyds TSB Online Password and Memorable Word is revoked,due to invalid logon attempts by a suspected thirdparty user. You will not be able to access your accounts Online, or Telephone banking.

Click 'PROCEED TO INTERNET BANKING' to restore your online access.


'PROCEED TO INTERNET BANKING' The site is flagged by NetCraft, McAfee, MS Phishing, Safari and is in the PhishTank. It will soon probably not function but is still active at the moment.
 

Kat

Administrator
Staff member
No link in this phishing email.

Return-Path: <secuirty@lloydstsb.com>
Received: from 84.44.101.4, Turkey, Ses ve Iletisim Bilgisayar Teknoloji Sanayi ve Ticaret A.S.
Reply-To: <security@lloydstsb.com>
From: "Lloyds TSB"<secuirty@lloydstsb.com>
Subject: LloydsTSB is proud to announce about their new updated secure system !
Date: Thu, 11 Dec 2008


Dear Sir/Madam,

LloydsTSB Bank always look forward for the high security of our clients. Some customers have been receiving an email claiming to be from LloydsTSB advising them to follow a link to what appear to be a LloydsTSB web site, where they are prompted to enter their personal Online Banking details. LloydsTSB is in no way involved with this email and the web site does not belong to us.

LloydsTSB is proud to announce about their new updated secure system. We updated our new SSL servers to give our customers a better, fast and secure online banking service.

Due to the recent update of the servers, you are requested to please update your account info at the following button.

(just a blue line here)

Once you have activate this service your LloydsTSB account will not be interrupted and will continue as normal. LloydsTSB is committed to ensure the safeguard of each customer's personal information, making sure only authorised individuals have access to their accounts. It is all about your security.

Accounts Management As outlined in our User Agreement, LloydsTSB will periodically send you information about site changes and enhancements.

Visit our Privacy Policy and User Agreement if you have any questions.
http www LloydsTSB com/help/index.html
 

Garreg Ddu

Gweinyddwr
Staff member
X-SID-PRA: Lloyds TSB Internet Banking <sec.alert@lloydstsb.com>
Received: from User (CPE-124-191-104-83.vic.bigpond.net.au [124.191.104.83]) (authenticated sender walkersue@optusnet.com.au) by mail07.syd.optusnet.com.au (8.13.1/8.13.1) with ESMTP id mBJCZlkR018916; Fri, 19 Dec 2008 23:36:12 +1100

Origin IP Address = 124.191.104.83 = Telstra Internet, Locked Bag 5744, Canberra, ACT 2601, AUSTRALIA

From: "Lloyds TSB Internet Banking"<sec.alert@lloydstsb.com>
Subject: Important Security Notice From Lloyds TSB Internet Banking
Date: Fri, 19 Dec 2008 12:43:19 -0000
Bcc:
Return-Path: sec.alert@lloydstsb.com



Dear Customer,


Lloyds TSB has been receiving complaints from our customers for unauthorised use of the Lloyds TSB Online accounts. As a result we are making an extra security check on all of our Customers account in order to protect their information from theft and fraud.


Due to this, you are requested to follow the provided steps and confirm your Online Banking details for the safety of your Accounts. Please Click Here To Start The Phishing site in Germany has been removed by the host already..


However, Failure to do so may result in temporary account suspension. Please understand that this is a security measure intended to help protect you and your account. We apologize for any inconvenience.



Thanks for your co-operation.



Fraud Prevention Unit
Legal Advisor
Lloyds TSB.


--------------------------------------------------------------------------------
Accounts Management As outlined in our User Agreement, Lloyds TSB (r) will
periodically send you information about site changes and enhancements.

Please do not reply to this e-mail. Mail sent to this address cannot be answered.
 

Garreg Ddu

Gweinyddwr
Staff member
X-SID-PRA: Lloyds TSB Internet Banking <emailalert@lloydstsb.com>
Received: from User ([82.105.203.181]) by nschwotgx01p.mx.bigpond.com with ESMTP id <20081220200355.IGIJ18392.nschwotgx01p.mx.bigpond.com@User>; Sat, 20 Dec 2008 20:03:55 +0000

Origin IP Address = 82.105.203.181 = Telecom Italia S.p.A., Neteconomy & Smart Services, BBBEASYIP STAFF, MDBLAB, Via Val Cannuta, 250, I-00100 Roma, Italy

From: "Lloyds TSB Internet Banking"<emailalert@lloydstsb.com>
Subject: Lloyds TSB Internet Banking Account Alert
Date: Sat, 20 Dec 2008 21.03.55 +0100
Bcc:
Return-Path: emailalert@lloydstsb.com


Dear Customer,


Lloyds TSB Bank Plc, always look forward for the high security of our customers. During our regular scheduled accounts maintenance and verification procedures, we have detected a slight error regarding your Lloyds TSB Internet Banking Account.

This might be due to one of the following reasons:

1. A recent change in your personal information.
2. Submitting invalid information during the initial sign up process.
4. Multiple failed logins in your personal account.
3. An inabillity to accurately verify your selected option of payment due
to an internal error within our system.

Please update and verify your information by clicking the following link:

http://www.lloydstsb.com/validity/confirm-membership? Link disabled as still active. Reported to NetCraft and McAfee SiteAdvisor.


If your account information is not updated within 24 hours then your ability to access your account will be restricted.

Thank you,
Lloyds TSB Internet Banking Department.



ABOUT THIS MESSAGE:
This service message was delivered to you as a Lloyds TSB customer to provide you with account updates and information about your card benefits.

Lloyds TSB Bank plc and Lloyds TSB Scotland plc are authorised and regulated by the Financial Services Authority and signatories to the Banking Codes. FSA authorisation can be checked on the FSA’s Register at: www.fsa.gov.uk/register. Lloyds TSB Bank plc and Lloyds TSB Scotland plc are members of the Financial Services Compensation Scheme and the Financial Ombudsman Service.

How much we lend and the issue of a credit card is subject to our assessment of your circumstances. You must be 18 or over. Overdrafts are repayable in full on demand. Calls may be monitored or recorded in case we need to check we have carried out your instructions correctly and to help improve our quality of service.

® 2008 Lloyds TSB Group plc. & Co.
 
Last edited:

pablo

Member
Christmas phishing season.

The phishing attemps are up. The following Loyds TSB message hacked an innocent web site http://www.trampdrift.com.

The link is now dead. (15 minutes discovery to dead) Interesting the phishing email had the correct Lloyds email scams link in the message.

p.
==================================================

Subject: Important Message :account security.
Date: 24 Dec 2008 00:39:31 -0600
From: Lloyds TSB Bank plc <management@lloydstsb.co.uk>
To: xxxx@xxxx.xxxx


Dear Valued Client,

It has come to our attention that your account has encountered security
Problems. This might have happened because:

1. You did not complete the security update.
2. Your Account has been accessed by an unauthorized 3rd-party.

Upgrade your details now to get the maximum security exposure by clicking on the button below:

http://www.trampdrift.com/html/modules/Forums/admin/language/customer.php


if you don't get upgrade within the next 48hours, Your account will
be assumed fraudulent and it will be suspended.

Yours sincerely,

Karen Penney
Manager of Select accounts



Account opening, how much we lend and the issue of a credit card is subject our assessment of your circumstances.
You must be 18 or over. Overdrafts are repayable in full on demand.

SECURITY INFORMATION

If you receive an email that doesn't feature your name and the last four digits of your current account number,
then don't click on any links it may contain - please forward it to us immediately for investigation at
emailscams@lloydstsb.co.uk then delete it.

IMPORTANT INFORMATION

Select this link if you no longer wish to receive emails from Lloyds TSB Bank plc about our products and services.
If you have concerns about the validity of this email, please call us on 0845 3000 116
(7am-10pm, Mon-Fri; 8am-6pm, Sat-Sun). Calls may be monitored and recorded.

This email is intended only for the above addressee. It may contain privileged information. If you are not the addressee
you must not copy, distribute, disclose or use any of the information in it. If you have received
it in error please delete it and immediately notify the sender.

The Lloyds TSB privacy policy can be viewed here.

Whilst all reasonable care has been taken to avoid the transmission of viruses, it is the responsibility of the recipient
to ensure that the onward transmission, opening or use of this message and any attachment will not adversely affect
its systems or data. No responsibility is accepted by Lloyds TSB Bank plc in this regard and the recipient should carry
out such virus and other checks as they consider appropriate.

Lloyds TSB Bank plc, 25 Gresham Street, London EC2V 7HN. Registered in England and Wales, number 2065.
Telephone No: 020 7626 1500.

Lloyds TSB Scotland plc, Henry Duncan House, 120 George Street, Edinburgh EH2 4LH. Registered in Scotland,
number 95237. Telephone No: 0131 225 4555.

Authorised and regulated by the Financial Services Authority and signatories to the Banking Codes.
 
Top