Phishing scam attempts to dupe customers into sharing banking information.

UPDATED Less than a week after a botched data transfer plunged TSB into crisis, hackers have been attempting to capitalize on the UK bank’s woes by launching a phishing scam in an effort to obtain user data.

Reports started to surface last Monday that millions of TSB account holders were unable to access online banking or complete transactions, as the bank encountered problems with migrating its customers away from legacy systems.

And while the bank’s CEO Paul Pester took to Twitter on April 25 to explain that TSB’s banking app and digital services were back up and running, reports indicated that this was not the case, with some customers still unable to log in even today.

Now, amid reports that TSB has drafted in experts from IBM to address the ongoing issues, criminals have been quick to leverage the bank’s IT disaster by launching a targeted phishing scam in an attempt to dupe customers into sharing their user data.

An email seen by The Daily Swig and dated Friday, April 27, was sent from a phony TSBBank@****.edu email address [obfuscation added] with the header ‘Account locked – TSB Bank’.

The email includes an HTML attachment directing customers to a phishing site that attempted to scoop up their login details:

Fortunately for TSB and its customers, as of this morning the scam site had been blacklisted:

At this stage, it is not known how long the phishing site was active, or indeed if any customers inadvertently shared their details.

Those with concerns are urged to contact the bank immediately.

TSB acknowledged the scam emails in a tweet this morning:

Disaster fraud

Online criminals are great opportunists and will often go to great lengths to obtain valuable customer data – either for their own use or with the aim of selling the details on the dark web.

In this case, TSB’s IT and PR meltdown was taken as an opportunity to dupe customers, but criminals have been known to sink to even lower levels in an effort to glean personally identifiable information.

So-called ‘disaster fraud’ hit the headlines earlier this year when the US Federal Emergency Management Agency (FEMA) issued a warning that criminals were targeting survivors of Hurricane Irma with scam emails that promised payouts for victims but were instead used for identity theft and fraud.

“Survivors should also be aware that this kind of situation doesn’t happen only at the beginning of the response to the disaster when people might be more vulnerable,” FEMA said. “It can happen anytime.”


This article has been updated to include this morning’s tweet from TSB.