Feeds

NatWest customers targeted in ‘phishing’ scam

Debit dump

  • alert
  • submit to reddit

5 things you didn’t know about cloud backup

Net fraudsters have targeted NatWest customers in the latest fake email scam.

Reg readers report receiving emails today purporting to be a security check from NatWest, which are in reality attempts to trick users into handing over sensitive account information to fraudsters.

The scam mail (sample below) invites NatWest customers to input their debit card details on a bogus site, whose URL has been cunningly disguised to resemble the real thing. At the time of writing, the site, which seems to have been run off the servers of Hotbox hosting in Russia, has been replaced by a holding page. The fraudsters used email forwarding and routing via a New Zealand-based service provider to cover their tracks.

All indications are the scam emails were spammed to numerous people randomly in the hope of ensnaring unwary customers of the targeted organisation, in this case NatWest. It's a classic 'phishing' scam of the type previously targeted at customers of Lloyds TSB and Barclays, and before that PayPal and eBay.

Following the increased prevalence of such scams over the last two months, the National Hi-Tech Crime Unit and leading banking associations APACS and the BBA earlier this week issued a checklist for UK consumers designed to help them protect themselves against Internet fraudsters.

A NatWest spokeswoman echoed this advice: "NatWest never asks customers to provide that kind of account information by email. If a customer receives such an email, they should delete it immediately without responding."

She said that she was unaware of anyone who's lost any money because of the scam at this time. In any case, NatWest is promising any customers defrauded through the ruse that it will make good on any loses they suffer.

We're told that since the Lloyds TSB and Barclays fraudulent emails appeared, NatWest has taken "pro-active steps" to warn its customers about such scams through advice on its Web site.

NatWest customers with any remaining concerns are advised to call the bank's helpline on 0845 60 50 789.

Spam, which accounted for more than 50 per cent of all email messages sent over the Internet, is increasingly being used for criminal activity in the US and Europe, according to antispam specialists Brightmail.

Brightmail reckons that various forms of scams account for one in ten of the spam messages it blocked in August, with 17 per cent of these involving identity theft or phishing scams.

No surprise then phishing scams repeatedly target the same organisations (we received yet another PayPal 'security check' email earlier this week). Continual vigilance, and better user education, (along with technical measures to block and detect fraud is therefore strongly recommended. ®

From: Verification <verify40@natwest.com>
Subject: NatWest E-mail Verification
Date: Fri, 24 Oct 2003 21:21:54 +0000
To:

Dear NatWest Bank Member,

This email was sent by the NatWest server to verify your e-mail address. You must complete this process by clicking on the link below and entering in the small window your NatWest login ID, Password and PIN. This is done for your protection --- because some of our members no longer have access to their email addresses and we must verify it.

To verify your e-mail address and access your bank account, click on the link below. If nothing happens when you click on the link (or if you use AOL), copy and paste the link into the address bar of your web browser.

http://www.natwest.com:ac=ZiZe4RhP5jp4dJT0w8jw@x09fld.MaIl333.CoM/3/?G7g8Zd0e9oN9TNn

-------------------------------------------
Thank you for using NatWest!
--------------------------------------------

Related Stories

UK banks and police proffer anti-phishing advice
Lloyds TSB phishing scam nipped in the bud
Barclays: Internet scam victim
Email fraudsters target Barclays
Two-in-one ID theft, fee fraud scam debuts
Accused AOL phisher spammed the FBI
Email scam aims to swipe PayPal users' credit card details
ID theft hits 10m Americans a year
MS, eBay, Amazon et al join ID theft busters

The essential guide to IT transformation

More from The Register

next story
One HUNDRED FAMOUS LADIES exposed NUDE online
Celebrity women victimised as Apple iCloud accounts reportedly popped
Rubbish WPS config sees WiFi router keys popped in seconds
Another day, another way in to your home router
Goog says patch⁵⁰ your Chrome
64-bit browser loads cat vids FIFTEEN PERCENT faster!
NZ Justice Minister scalped as hacker leaks emails
Grab your popcorn: Subterfuge and slur disrupts election run up
HP: NORKS' cyber spying efforts actually a credible cyberthreat
'Sophisticated' spies, DIY tech and a TROLL ARMY – report
NIST to sysadmins: clean up your SSH mess
Too many keys, too badly managed
Scratched PC-dispatch patch patched, hatched in batch rematch
Windows security update fixed after triggering blue screens (and screams) of death
Attack flogged through shiny-clicky social media buttons
66,000 users popped by malicious Flash fudging add-on
New Snowden leak: How NSA shared 850-billion-plus metadata records
'Federated search' spaffed info all over Five Eyes chums
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Endpoint data privacy in the cloud is easier than you think
Innovations in encryption and storage resolve issues of data privacy and key requirements for companies to look for in a solution.
Why cloud backup?
Combining the latest advancements in disk-based backup with secure, integrated, cloud technologies offer organizations fast and assured recovery of their critical enterprise data.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?