Fraudsters target Halifax customers

Which? warns about new Halifax scam set up to steal online banking login details
Halifax bank branch

Fake Halifax emails are circulating, aiming to harvest online banking login details by linking to a convincing copycat website. 

Which? reported this phishing site immediately, just one day after it appeared, but the scam website is still live at the time we published this story.

Here we show you each step of the scam and explain how to report similar fake sites to protect other people. 

Sign up for scam alerts

Our emails will alert you to scams doing the rounds, and provide practical advice to keep you one step ahead of fraudsters.

Sign up for scam alerts
Sign up

Fake Halifax emails

We received multiple reports about unsolicited emails from scammers posing as Halifax. 

These messages appear to come from 'Halifax' but the true sender addresses are hijacked Tiscali and TalkTalk accounts.

The scammers used convincing Halifax branding and claimed to be asking customers to 'refresh their contact details' as an extra security measure, inviting them to click a link provided to do so.

Anyone who clicks on one of these links will be redirected to a copycat Halifax website created on 20 September 2023 [hlfx-online.com]. 

Once Which? reported these phishing emails, the email addresses were blocked from sending any further messages and the account owners were prompted to reset their passwords.

Halifax phishing website

Halifax phishing scam

A large collection of images displayed on this page are available at https://www.which.co.uk/news/article/fraudsters-target-halifax-customers-aaUfS3M97Gm1

Although this fake website may look identical to the genuine Halifax website, the real Halifax domain is [halifax-online.co.uk] not [hlfx-online.com]. 

Using a protected device, we visited this phishing website, which asks you to enter a Halifax username and password. 

Once these details are captured, the fake site then invites you to reset your password and memorable information, or call the bank. 

This number is a genuine Halifax customer number that appears on the real website for current account customers who wish to call the bank from abroad.

Halifax confirmed to Which? that this number is still in use and receiving thousands of calls from customers on a daily basis, explaining that the scammers most likely showed a genuine telephone number to provide a degree of credibility if anyone suspicious conducts any checks.

Reporting bank scams

It's vital that banks and domain registrars act fast and work together to get malicious websites removed quickly, to limit the spread of these scams.

Which? reported this particular scam to Halifax as soon as we knew about it – only one day after it was created – but this website remains live. Which? understands that this website is in the process of being removed.

Unfortunately, scammers can easily create convincing websites designed to part you with your personal and financial details. You can discover information about a website, including details of the registrar and the date it was created, using a tool such as ICANN or Domain Tools

If you come across a suspicious website, report this to the National Cyber Security Centre (NCSC). Google also offers a 'Safe Browsing' tool in a bid to remove malicious content from its search results. 

You can forward suspicious emails to the NCSC at report@phishing.gov.uk and flag fake messages as 'phishing' to your email provider to help stop scams in their tracks. 

Seen or been affected by a scam? Help us protect others

Sharing details of the scam helps us to protect others as well as inform our scams content, research and policy work. We will collect information relating to your experience of a scam, but we won't be able to identify your responses unless you choose to provide your contact details.

Share scam details