Fraudsters target Halifax customers

Fake Halifax emails are circulating, aiming to harvest online banking login details by linking to a convincing copycat website.
Which? reported this phishing site immediately, just one day after it appeared, but the scam website was still live at the time we published this story.
Here we show you each step of the scam and explain how to report similar fake sites to protect other people.
Fake Halifax emails
We received multiple reports about unsolicited emails from scammers posing as Halifax.
These messages appear to come from 'Halifax' but the true sender addresses are hijacked Tiscali and TalkTalk accounts.
The scammers used convincing Halifax branding and claimed to be asking customers to 'refresh their contact details' as an extra security measure, inviting them to click a link provided to do so.
Anyone who clicks on one of these links will be redirected to a copycat Halifax website created on 20 September 2023 [hlfx-online.com].
Once Which? reported these phishing emails, the email addresses were blocked from sending any further messages and the account owners were prompted to reset their passwords.
Halifax phishing website
Although this fake website may look identical to the genuine Halifax website, the real Halifax domain is [halifax-online.co.uk], not [hlfx-online.com].
Using a protected device, we visited this phishing website, which asks you to enter a Halifax username and password.
Once these details are captured, the fake site then invites you to reset your password and memorable information, or call the bank.
The telephone number shown is a genuine Halifax customer number that appears on the real website for current account customers who wish to call the bank from abroad.
Halifax confirmed to Which? that this number is still in use and receiving thousands of calls from customers on a daily basis, explaining that the scammers most likely showed a genuine telephone number to provide a degree of credibility if anyone suspicious conducts any checks.
Reporting bank scams
It's vital that banks and domain registrars act fast and work together to get malicious websites removed quickly, to limit the spread of these scams.
Which? reported this particular scam to Halifax as soon as we knew about it – only one day after it was created – but this website remains live. Which? understands that this website is in the process of being removed.
Unfortunately, scammers can easily create convincing websites designed to part you from your personal and financial details. You can discover information about a website, including details of the registrar and the date it was created, using a tool such as ICANN or Domain Tools.
If you come across a suspicious website, report this to the National Cyber Security Centre (NCSC). Google also offers a 'Safe Browsing' tool in a bid to remove malicious content from its search results.
You can forward suspicious emails to the NCSC at report@phishing.gov.uk and flag fake messages as 'phishing' to your email provider to help stop scams in their tracks.
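The two domain checks described above (does the link's host match the genuine domain, and how recently was the domain registered) can be automated; the following is an added example, not part of the original article. The RDAP-style record, the registrar name, the `SEEN_ON` date and the 30-day threshold are constructed assumptions for illustration.

```python
import json
from datetime import datetime, timezone
from urllib.parse import urlsplit

GENUINE_DOMAIN = "halifax-online.co.uk"  # genuine domain as given in the article

# Constructed RDAP-style record for illustration; not a real lookup result.
# The registration date is the creation date the article reports.
SAMPLE_RDAP = json.loads("""
{
  "ldhName": "hlfx-online.com",
  "events": [{"eventAction": "registration", "eventDate": "2023-09-20T00:00:00Z"}],
  "entities": [{"roles": ["registrar"],
    "vcardArray": ["vcard", [["fn", {}, "text", "Example Registrar (placeholder)"]]]}]
}
""")
SEEN_ON = datetime(2023, 9, 21, tzinfo=timezone.utc)  # constructed: one day later

def host_matches(url, genuine=GENUINE_DOMAIN):
    """True only if the link's host is the genuine domain or a subdomain of it."""
    host = (urlsplit(url).hostname or "").rstrip(".").lower()
    return host == genuine or host.endswith("." + genuine)

def registration_date(rdap):
    """Return the 'registration' event date from an RDAP record, or None."""
    for event in rdap.get("events", []):
        if event.get("eventAction") == "registration":
            return datetime.fromisoformat(event["eventDate"].replace("Z", "+00:00"))
    return None

def registrar_name(rdap):
    """Return the registrar's display name (vCard 'fn' property), or None."""
    for entity in rdap.get("entities", []):
        if "registrar" in entity.get("roles", []):
            for prop in entity.get("vcardArray", ["vcard", []])[1]:
                if prop[0] == "fn":
                    return prop[3]
    return None

def assess_link(url, rdap, seen_on=SEEN_ON, max_age_days=30):
    """Combine the host check with the domain's age on the day the link was seen."""
    created = registration_date(rdap)
    age = (seen_on - created).days if created else None
    return {
        "host_is_genuine": host_matches(url),
        "domain_age_days": age,
        "recently_registered": age is not None and age < max_age_days,
        "registrar": registrar_name(rdap),
    }
```

Calling `assess_link("https://hlfx-online.com/login", SAMPLE_RDAP)` reports a host that does not match the genuine domain and a domain that is one day old.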