NatWest customers targeted in ‘phishing’ scam

Debit dump


Net fraudsters have targeted NatWest customers in the latest fake email scam.

Reg readers report receiving emails today purporting to be a security check from NatWest, which are in reality attempts to trick users into handing over sensitive account information to fraudsters.

The scam mail (sample below) invites NatWest customers to input their debit card details on a bogus site, whose URL has been cunningly disguised to resemble the real thing. At the time of writing, the site, which seems to have been run off the servers of Hotbox hosting in Russia, has been replaced by a holding page. The fraudsters used email forwarding and routing via a New Zealand-based service provider to cover their tracks.

All indications are the scam emails were spammed to numerous people randomly in the hope of ensnaring unwary customers of the targeted organisation, in this case NatWest. It's a classic 'phishing' scam of the type previously targeted at customers of Lloyds TSB and Barclays, and before that PayPal and eBay.

Following the increased prevalence of such scams over the last two months, the National Hi-Tech Crime Unit and leading banking associations APACS and the BBA earlier this week issued a checklist for UK consumers designed to help them protect themselves against Internet fraudsters.

A NatWest spokeswoman echoed this advice: "NatWest never asks customers to provide that kind of account information by email. If a customer receives such an email, they should delete it immediately without responding."

She said that she was unaware of anyone who's lost any money because of the scam at this time. In any case, NatWest is promising any customers defrauded through the ruse that it will make good on any losses they suffer.

We're told that since the Lloyds TSB and Barclays fraudulent emails appeared, NatWest has taken "pro-active steps" to warn its customers about such scams through advice on its Web site.

NatWest customers with any remaining concerns are advised to call the bank's helpline on 0845 60 50 789.

Spam, which accounted for more than 50 per cent of all email messages sent over the Internet, is increasingly being used for criminal activity in the US and Europe, according to antispam specialists Brightmail.

Brightmail reckons that various forms of scams account for one in ten of the spam messages it blocked in August, with 17 per cent of these involving identity theft or phishing scams.

No surprise, then, that phishing scams repeatedly target the same organisations (we received yet another PayPal 'security check' email earlier this week). Continual vigilance and better user education, along with technical measures to block and detect fraud, are therefore strongly recommended. ®

From: Verification <verify40@natwest.com>
Subject: NatWest E-mail Verification
Date: Fri, 24 Oct 2003 21:21:54 +0000
To:

Dear NatWest Bank Member,

This email was sent by the NatWest server to verify your e-mail address. You must complete this process by clicking on the link below and entering in the small window your NatWest login ID, Password and PIN. This is done for your protection --- because some of our members no longer have access to their email addresses and we must verify it.

To verify your e-mail address and access your bank account, click on the link below. If nothing happens when you click on the link (or if you use AOL), copy and paste the link into the address bar of your web browser.

http://www.natwest.com:ac=ZiZe4RhP5jp4dJT0w8jw@x09fld.MaIl333.CoM/3/?G7g8Zd0e9oN9TNn

-------------------------------------------
Thank you for using NatWest!
--------------------------------------------
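
The link in the sample email looks like NatWest's site because everything before the "@" in a URL's authority is userinfo (a username and password), while the host the browser contacts is what follows it. As an added example, not part of the original article, this Python sketch parses the sample link and flags that mismatch; the function names and the benign link are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Looks like a DNS name: dot-separated labels ending in an alphabetic TLD.
HOSTLIKE = re.compile(r"^(?:[a-z0-9-]+\.)+[a-z]{2,}$", re.IGNORECASE)
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)


def real_host(url):
    """Host the browser actually connects to (the part after the last '@')."""
    return urlsplit(url).hostname or ""


def userinfo_decoy(url):
    """Return the userinfo username if it is dressed up as a hostname, else None."""
    user = urlsplit(url).username
    if user and HOSTLIKE.match(user):
        return user.lower()
    return None


def in_domain(host, domain):
    """True if host is the domain itself or one of its subdomains."""
    return host == domain or host.endswith("." + domain)


def check_links(body, brand_domain):
    """Flag links whose userinfo imitates brand_domain while the real host is elsewhere."""
    findings = []
    for url in URL_RE.findall(body):
        host, decoy = real_host(url), userinfo_decoy(url)
        if decoy and in_domain(decoy, brand_domain) and not in_domain(host, brand_domain):
            findings.append({"url": url, "shown": decoy, "connects_to": host})
    return findings


# Link copied from the sample email on this page, plus a constructed benign link.
SAMPLE_BODY = """To verify your e-mail address, click on the link below.
http://www.natwest.com:ac=ZiZe4RhP5jp4dJT0w8jw@x09fld.MaIl333.CoM/3/?G7g8Zd0e9oN9TNn
Constructed benign link: http://www.natwest.com/security
"""

if __name__ == "__main__":
    for f in check_links(SAMPLE_BODY, "natwest.com"):
        print(f"{f['shown']} is only userinfo; real host is {f['connects_to']}")
```

The same check applies in a mail gateway or proxy: any http(s) link carrying hostname-shaped userinfo is worth quarantining or rewriting, since legitimate banking links have no reason to include it.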

Related Stories

UK banks and police proffer anti-phishing advice
Lloyds TSB phishing scam nipped in the bud
Barclays: Internet scam victim
Email fraudsters target Barclays
Two-in-one ID theft, fee fraud scam debuts
Accused AOL phisher spammed the FBI
Email scam aims to swipe PayPal users' credit card details
ID theft hits 10m Americans a year
MS, eBay, Amazon et al join ID theft busters
