Lloyds Bank customers targeted by hackers in phishing scam
By Sunniva Kolostyak
A phishing email and SMS campaign is targeting customers of Lloyds Bank, one of the Big Four in England and Wales, telling its victims their bank account has been disabled.
The phishing attempts have been uncovered by litigation practice Griffin Law, who said about 100 people have reported receiving the communication.
The scam is targeting victims through SMS-messages and fraudulent emails. The recipient receives a realistic-looking email from Lloyds Bank, using official logos, branding, and warning them that their bank account has been compromised with the subject header “Alert: Document Report – We noted about security maintenance”.
The email also includes spelling errors and sometimes Chinese characters. It also reads “Your Account Banking has been disabled, due to recent activities on your account, we placed a temporary suspension untill you verify your account”.
Lloyds Bank confirmed the scam was in circulation on Twitter, responding to one user with: “This isn’t a genuine message from us; it’s a scam. If possible, could you please forward this email or text message to us at: emailscams@lloydsbank.co.uk.”
In the email, users are directed to a fraudulent site called Lloyds[Dot]bank[Dot]unusual-login[Dot]com, which uses official branding to trick unsuspecting victims into assuming the site is legitimate, before requesting log-in details including, passwords, account information and security codes and other personal data.
Griffin Law’s research team also identified an SMS version of the scam in circulation. Some users also reported a text saying “ALERT FROM LLOYDS: New device attempted to set up a payee to XXX. If this was NOT you, visit: Lloyds[Dot]bank[Dot]unusual-login[Dot]com”.
Donal Blaney, Principal at Griffin Law, commented: “Banks and the police need to do far more to protect vulnerable members of the public from these scams. They have the money to do so. Why aren’t they doing more?”
Also commenting, Cyber expert Chris Ross, SVP International at Barracuda Networks, said: “Hackers often hijack the branding of legitimate companies in order to steal confidential financial data from unsuspecting victims.
“These scams can be very convincing, making use of official logos, wording, and personalised details to lull the individual into a false sense of security. In most cases, the victim will be directed to a fraudulent but realistic-looking website, where they are urged to enter account details, passwords, security codes and PIN numbers.
“Phishing attacks like this pose a huge risk both to individuals and the companies they work for, especially if hackers gain access to a business bank account. Tackling this problem requires robust policies and procedures as well as the latest email security systems in place to identify and block these scams before they reach the inbox.”
IBSi FinTech Journal

- Most trusted FinTech journal since 1991
- Digital monthly issue
- 60+ pages of research, analysis, interviews, opinions, and rankings
- Global coverage
Other Related News
Related Reports

Sales League Table Report 2024
Know More
Global Digital Banking Vendor & Landscape Report Q4 2024
Know More
NextGen WealthTech: The Trends To Shape The Future Q4 2023
Know More
IBSi Spectrum Report: Supply Chain Finance Platforms Q4 2023
Know More