TD Canada Trust

Date:07.11.2005

Threat Type: Phishing Alert

Websense® Security Labs™ has received reports of a new phishing attack that targets customers of TD Canada Trust. Users receive a spoofed email message about a security breach that requires users to report on recent account activity. Users are asked to click a link contained in the e-mail. The link leads to a phishing site that displays an online banking logon prompt. Once account information is entered, the user is redirected to the real TD Canada Trust web site.

This phishing site is hosted in Australia and was up at the time of this alert.

Phishing e-mail text:

Due to a recent security breach in the TD computer systems, we are asking all customers to immediately update with the link below and immediatley report any unnoticed informations changes, unexplained funds depletion or the likewise. Rest assured that we have the safety and privacy of our customers as our top priority but please help us by following the instructions below:

Update and verify your information by clicking the link below:
<URL Removed>

If your account information is not updated within 48 hours then any complaints will be dealt with as a seperate incident from this security breach.  Please update as soon as possible.

Part of the TD Devlopment Team.
This is an automatic message. Please do not reply.

Phishing site screenshot: