If you do your online banking with TESCO, or indeed have a credit card with them you may want to be on the lookout for the following website which is hosting a rather large tally of login pages. The site in question is
mrqos(dot)com(dot)au/kate/tess/tescr/login(dot)html
and that particular site was flagged not so long ago in the Zone-H defacement mirror, with “KEST” compromising it on or around the 15th of October, 2013.
Click to Enlarge
Here’s 100 or so identical HTML pages in one directory offering up a TESCO credit card login:
Click to Enlarge
Click to Enlarge
Click to Enlarge
All of the above pages present end-users with the following login screen:
Click to Enlarge
The page asks end-users to login to “Tesco bank online banking” with “credit card” mentioned in the top right hand corner. After entering a username, the page asks for more information in two stages:
Click to Enlarge
“Login with Internet PIN, password, cvv2 and email”
The next page asks for considerably more information:
Click to Enlarge
First name, last name, middle name, mother’s maiden name, house number, postcode, mobile and landline, DOB, 16 digit account number…
Click to Enlarge
….expiry date, cvv2, 6 digit security number and no less than three security questions.
In another directory, we have much the same thing – 100 or so pages of Tesco login portals:
Click to Enlarge
These pages are slightly different from the ones in the first directory, with mentions of credit cards removed – the focus here being on the online banking portion (tescobank(dot)com).
Click to Enlarge
It follows much the same pattern as the pages in the other directory, as you’d expect.
Click to Enlarge
It goes without saying – so I’m going to say it – that you should only ever log in on the homepage of your bank or credit card. Visiting it from URLs in emails or random messages sent your way just won’t cut the mustard – physically type in the URL, ensure there’s a padlock and the connection is encrypted. You won’t find padlocks or encryption on the above pages, for example.
Click to Enlarge
Here’s the tescobank website. Note the green bar, which you can click to confirm you’re on the real site and the connection is secure:
Click to Enlarge
I note since I started to write this entry that the site is now flagged as a confirmed Phish on Phishtank. Hopefully the admin will be able to fix up whatever lingering problem remains and set about a rather large clean-up operation…
Christopher Boyd
The post TESCO Online Banking / Credit Card Customers: Watch where you’re logging in appeared first on ThreatTrack Security Labs Blog.
Source: /w8dyp-4cISc/3~/ytiruceskcarttaerht/r~/moc.elgoog.yxorpdeef