Virgin Money sends email helping phishers

December 7th, 2012 at 18:17 UTC by Steven J. Murdoch

It’s not unusual for banks to send emails which are confusingly similar to phishing, but this recent one I received from Virgin Money is exceptionally bad. It tells customers that the bank (Northern Rock) is changing domain names from their usual one (northernrock.co.uk) to virginmoney.com and customers should use their usual security credentials to log into the new domain name. Mail clients will often be helpful and change the virginmoney.com into a link.

This message is exactly what phishers would like customers to fall for. While this email was legitimate (albeit very unwise), a criminal could follow up with an email saying that savings customers should access their account at virginsavings.net (which is currently available for registration). Virgin Money have trained their customers to accept such emails as legitimate, which is a very dangerous lesson to teach.

It would have been safer not to do the rebranding, but if that’s considered essential for commercial reasons, then customers should have been told to continue accessing the site at their usual domain name, and then been redirected (via HTTPS) to the new site. It would mean keeping hold of the Northern Rock domain names for the foreseeable future, but that is almost certainly what Virgin Money are planning anyway.
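A check that a recorded redirect chain from the old domain behaves as recommended above, written as an added example (not part of the original post): every hop is HTTPS, stays on the bank's own domains, and ends on the new one. The function names, the recorded-chain format and the sample chains are constructed for illustration; the hostnames are those mentioned on this page plus the reserved example.net.

```python
from urllib.parse import urlsplit, urljoin

LEGACY = {"northernrock.co.uk"}   # domain customers already know
NEW = {"virginmoney.com"}         # domain the bank is moving to

def host_in(host, domains):
    """True if host is one of the domains or a subdomain of one (suffix match,
    so 'online.virginmoney.com.example.net' does not count as virginmoney.com)."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)

def audit_chain(start_url, hops, legacy=LEGACY, new=NEW):
    """hops: (status, Location) pairs recorded while following start_url;
    the last pair is the final response with Location None.
    Returns a list of findings; an empty list means the chain is acceptable."""
    findings, url, allowed = [], start_url, set(legacy) | set(new)
    for _status, location in hops:
        parts = urlsplit(url)
        if parts.scheme != "https":
            findings.append(f"{url}: not served over HTTPS")
        if not host_in(parts.hostname, allowed):
            findings.append(f"{url}: host outside the bank's domains")
        if location is None:
            break
        url = urljoin(url, location)  # Location may be relative
    if not host_in(urlsplit(url).hostname, new):
        findings.append(f"{url}: chain does not end on the new domain")
    return findings

# Constructed sample chains (not captured traffic).
START = "https://online.northernrock.co.uk/"
GOOD = [(301, "https://online.virginmoney.com/"), (200, None)]
DOWNGRADE = [(301, "http://online.virginmoney.com/login"),
             (301, "https://online.virginmoney.com/login"), (200, None)]
LOOKALIKE = [(302, "https://online.virginmoney.com.example.net/"), (200, None)]

if __name__ == "__main__":
    for name, chain in [("good", GOOD), ("downgrade", DOWNGRADE),
                        ("lookalike", LOOKALIKE)]:
        print(name, audit_chain(START, chain) or "OK")
```

The suffix match in `host_in` is what separates a real subdomain of the new site from a lookalike that merely contains its name.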




Entry filed under: Authentication, Banking security, Usability, Web security

1 comment

  • 1. F  |  December 14th, 2012 at 22:32 UTC

    I have a Virgin Money savings account but I don’t seem to have had that email (yet?). They are, in fact, redirecting HTTPS requests from online.northernrock.co.uk to online.virginmoney.com as you recommend. Which makes it all the more bizarre that they feel the need to send this email.
