Which? reported this phishing site immediately, just one day after it appeared, but the scam website is still live at the time we published this story.
Here we show you each step of the scam and explain how to report similar fake sites to protect other people.
Fake Halifax emails
We received multiple reports about unsolicited emails from scammers posing as Halifax.
These messages appear to come from 'Halifax' but the true sender addresses are hijacked Tiscali and TalkTalk accounts.
The scammers used convincing Halifax branding and claimed to be asking customers to 'refresh their contact details' as an extra security measure, inviting them to click a link provided to do so.
Anyone who clicks on one of these links will be redirected to a copycat Halifax website created on 20 September 2023 [hlfx-online.com].
Once Which? reported these phishing emails, the email addresses were blocked from sending any further messages and the account owners were prompted to reset their passwords.
Find out more:Halifax phishing website
Although this fake website may look identical to the genuine Halifax website, the real Halifax domain is [halifax-online.co.uk] not [hlfx-online.com].
Using a protected device, we visited this phishing website, which asks you to enter a Halifax username and password.
Once these details are captured, the fake site then invites you to reset your password and memorable information, or call the bank.
This number is a genuine Halifax customer number that appears on the real website for current account customers who wish to call the bank from abroad.
Halifax confirmed to Which? that this number is still in use and receiving thousands of calls from customers on a daily basis, explaining that the scammers most likely showed a genuine telephone number to provide a degree of credibility if anyone suspicious conducts any checks.
Reporting bank scams
It's vital that banks and domain registrars act fast and work together to get malicious websites removed quickly, to limit the spread of these scams.
Which? reported this particular scam to Halifax as soon as we knew about it – only one day after it was created – but this website remains live. Which? understands that this website is in the process of being removed.
Find out more:undefinedsource https://www.which.co.uk/news/article/fraudsters-target-halifax-customers-aaUfS3M97Gm1