Warning to Wearsiders over scammers pretending to be bank

The texts are definitely not from the Halifax
By Tony Gillan
Published 17th Nov 2023, 16:13 BST
Updated 20th Nov 2023, 09:14 BST
Warning to Wearsiders over scammers pretending to be bankWarning to Wearsiders over scammers pretending to be bank
Warning to Wearsiders over scammers pretending to be bank

Warning to Wearsiders over scammers pretending to be bankWarning to Wearsiders over scammers pretending to be bank
Warning to Wearsiders over scammers pretending to be bank

Customers of the Halifax bank are being targeted by fraudsters with scam text messages linked to fake websites.

Consumer magazine Which? says this is a new scam. A previous one concerned a website pretending to be Halifax's, which advised victims to "refresh their contact details".

Hide Ad
Hide Ad

The latest scam sends text messages from "HalifaxUK" leading victims to a convincing but fake website.

Texts tell customers they have requested a password change which requires them to access the website.

The text says: "PAYEES passcode - Do not tell anyone. If you did not request it please visit us on [hailfax-onlineuk.com/mobile]." Note the misspelling of Halifax.

In a practice which is known as number spoofing, scammers make the fake Halifax number appear convincing. Genuine messages usually come from "Halifax" and not "HalifaxUK".

Hide Ad
Hide Ad

Which? found another fake website [halifax-onlineuk.com]. This is more convincing still as Halifax is spelt correctly. The real website is halifax-online.co.uk.

The fake site appears to be legitimate, but certainly is not. Criminals use it to steal personal and financial data.

Which? has reported the scam to the National Cyber Security Centre (NCSC) and Halifax, who confirmed that the websites were are being taken down.

A spokesperson told the magazine: "Protecting our customers from fraud is our priority, and we actively search for fake websites which try to impersonate our brands.

Hide Ad
Hide Ad

"We have taken the appropriate steps to have these websites removed, however, this also requires prompt action from the registrar hosting the domain itself.

"Fraudsters relentlessly target the customers of large companies, which shows why it is vital that tech firms do more to crack down on the criminals using their platforms to impersonate major brands."

Anyone receiving an unexpected text should contact the company or check their online account for verification. Also ignore links put in the texts.

To report a scam text, forward it to 7726 where your provider will investigate appropriately. Also visit the National Cyber Security Centre website.

Anyone who thinks they might have been scammed or given details to criminals, should call their bank immediately on the number on the reverse of their bank card and report it to Action Fraud.

Related topics:Halifax