What a strange phishing email

I understand the pretending to be from Lloyds and phishing but why pick ebilling@bt.com as the sender. How is that in any way associated with Lloyds.


  1. I would guess based on the research at http://research.microsoft.com/apps/pubs/default.aspx?id=167719 that it's a gullibility test - if you spot it, chances are good that you'd spot other mistakes in the phish, so lets rule you out nice and early, in the hope that you won't then flag the destination site as a scam.

  2. I could come up with a few new "ph" words to describe the phishermen behind this.

  3. Perhaps it's an address people are likely to have whitelisted - and maybe without the precautions Gmail and others would apply to genuine bank domains like SPF checks or DKIM?

    That, or they randomly pair up names and addresses to evade spam filters: I suppose a massive spam run with a single sender address at lloyds.com would be less likely to get through.

  4. Reused spam bot / setup and lazy phishers forgot to change send address.


Comments are moderated purely to filter out obvious spam, but it means they may not show immediately.

TOTSCO 66 is guidance, optional

I feel I need to explain this. The TOTSCO call today, first I have been on, and wow! But a key point was TOTSCO bulletin 66, which is actual...