One Account to Rule Them All

Today we've been seeing a new comer on the phishing scene. This one is attempting to steal the accounts of a service that I was not yet aware of, that's because this service is UK based and I am not. This phishing attack is going after One Account - accounts. This is apparently a service that helps you to pay down your mortgage by combining your savings account, mortgage, and your income in one account. I didn't read enough to tell you exactly how it works because it was making me sleepy, but I can tell you how this phishing campaign works -
First an email campaign began early this morning touting a new updated version of the banking software. This being complete with a link to the malicious websites, which there were relatively few of in this case.Once at the website you are prompted for your account log in info.
After giving up this information, the false site tries for a little more asking for your name, address and email address. On a side note, none of these fields bothers checking for proper formatting, it just accepts the info you put in, and continues. On a side side note, my new email address is "fdhgdhgdt".
After entering this information a dialog box pops up thanking you for your information and that you will now be logged out?? Strange, that's usually the opposite of what I'm going for when I log-in to something, but ok. Next it redirects you to the actual One Account site where you get to log in all over again to see that your account is now empty.If it's in regards to your livelihood, your life savings, your identity, or anything else important to you, and it arrives in an email from a stranger, throw it away, it's fraudulent. Your bank will never contact you via email to make account changes, maybe you'll get a monthly newsletter or factoid from them, but that is it. I'm almost to the point to say, ignore it all unless you were expecting it, but that may be a little above and beyond, but not by much.