Spoofed Halifax email leads to the genuine Halifax Online page but with a pop up which contains a bogus page ...

This spoofed Halifax email brings us another instance of forged web content being presented in front of a genuine site home page to trick users into believing that they are seeing a genuine pop up generated by the genuine site.

In this instance, Halifax Online customers are the target of this Phishing Scam, with a link in the spoof email (see image below) triggering a series of browser windows which ends up with one window for the halifax-online.co.uk home page and another 'pop up' style window in front of that (see image below).

The actual URL of the bogus pop up (use File menu/Properties, or right click/Properties, to see the URL) is http://218.44.251.101/h/formslogin.php which resolves to an ISP in Japan. Any data submitted into the forged sign in page will be processed through a PHP script located on the same server.

If you have received this email, please remember that it is very common for these email scams to be redistributed at a later date with only slightly different content or the same but with the fake page(s) hosted by a different provider. Also, once you have received one of these hoaxes, it is also common place to receive at least another one and usually a day or two after the first, although not necessarily from the same apparent sender.

The Spoof Email ...

Dear Valued Customer,

- Our new security system will help you to avoid
frequently fraud transactions and to keep your
investments in safety.

- Due to technical update we recommend you to
reactivate your account.

Click on the link below to verify and begin using
your updated Halifax account.

To verify your account, please visit the Halfax
website at https://www.halifax-online.co.uk/_mem_bin/formslogin.asp

We appreciate your business. It's truly our
pleasure to serve you.

Halifax Customer Care

The bogus web page (which is presented as a pop up style window in front of the genuine halifax-online.co.uk home page)...