In only three days, I’ve received three similarly subjected emails namely from HSBC. It goes something like this:

As usually is done lately, these kind of phishing use extensive psychological pressure on its readers (read: preys) to take immediate actions without further considerations. This is where the success of these kinds of email phishing stems.
Now let’s take a look at the HTML file attachment:

Take notice at how relieving it is for someone who has been led to believe that his card has really been stolen and blocked. Amazing how this psychological trap works, right?
Now let’s see what it looks like when it’s run:

Don't fill any fields, it's a phishing page
Notice the underlined fields. Those fields alone can lead to disaster for an HSBC card holder, if he decides to fill in and click continue. What’s more is that the phishing goes as far as stealing your Internet Banking Identification!
So, how come it looks so real, as if it really is an legitimate HSBC website? Simple. It gets all of its HSBC attributes such as favicon and all FROM www.hsbc.co.uk:

Where is the intercepting address, if you’re wondering. Watch this part of the html file:

Beware!



















