Feeds

NatWest customers targeted in ‘phishing’ scam

Debit dump

  • alert
  • submit to reddit

Secure remote control for conventional and virtual desktops

Net fraudsters have targeted NatWest customers in the latest fake email scam.

Reg readers report receiving emails today purporting to be a security check from NatWest, which are in reality attempts to trick users into handing over sensitive account information to fraudsters.

The scam mail (sample below) invites NatWest customers to input their debit card details on a bogus site, whose URL has been cunningly disguised to resemble the real thing. At the time of writing, the site, which seems to have been run off the servers of Hotbox hosting in Russia, has been replaced by a holding page. The fraudsters used email forwarding and routing via a New Zealand-based service provider to cover their tracks.

All indications are the scam emails were spammed to numerous people randomly in the hope of ensnaring unwary customers of the targeted organisation, in this case NatWest. It's a classic 'phishing' scam of the type previously targeted at customers of Lloyds TSB and Barclays, and before that PayPal and eBay.

Following the increased prevalence of such scams over the last two months, the National Hi-Tech Crime Unit and leading banking associations APACS and the BBA earlier this week issued a checklist for UK consumers designed to help them protect themselves against Internet fraudsters.

A NatWest spokeswoman echoed this advice: "NatWest never asks customers to provide that kind of account information by email. If a customer receives such an email, they should delete it immediately without responding."

She said that she was unaware of anyone who's lost any money because of the scam at this time. In any case, NatWest is promising any customers defrauded through the ruse that it will make good on any loses they suffer.

We're told that since the Lloyds TSB and Barclays fraudulent emails appeared, NatWest has taken "pro-active steps" to warn its customers about such scams through advice on its Web site.

NatWest customers with any remaining concerns are advised to call the bank's helpline on 0845 60 50 789.

Spam, which accounted for more than 50 per cent of all email messages sent over the Internet, is increasingly being used for criminal activity in the US and Europe, according to antispam specialists Brightmail.

Brightmail reckons that various forms of scams account for one in ten of the spam messages it blocked in August, with 17 per cent of these involving identity theft or phishing scams.

No surprise then phishing scams repeatedly target the same organisations (we received yet another PayPal 'security check' email earlier this week). Continual vigilance, and better user education, (along with technical measures to block and detect fraud is therefore strongly recommended. ®

From: Verification <verify40@natwest.com>
Subject: NatWest E-mail Verification
Date: Fri, 24 Oct 2003 21:21:54 +0000
To:

Dear NatWest Bank Member,

This email was sent by the NatWest server to verify your e-mail address. You must complete this process by clicking on the link below and entering in the small window your NatWest login ID, Password and PIN. This is done for your protection --- because some of our members no longer have access to their email addresses and we must verify it.

To verify your e-mail address and access your bank account, click on the link below. If nothing happens when you click on the link (or if you use AOL), copy and paste the link into the address bar of your web browser.

http://www.natwest.com:ac=ZiZe4RhP5jp4dJT0w8jw@x09fld.MaIl333.CoM/3/?G7g8Zd0e9oN9TNn

-------------------------------------------
Thank you for using NatWest!
--------------------------------------------

Related Stories

UK banks and police proffer anti-phishing advice
Lloyds TSB phishing scam nipped in the bud
Barclays: Internet scam victim
Email fraudsters target Barclays
Two-in-one ID theft, fee fraud scam debuts
Accused AOL phisher spammed the FBI
Email scam aims to swipe PayPal users' credit card details
ID theft hits 10m Americans a year
MS, eBay, Amazon et al join ID theft busters

New hybrid storage solutions

More from The Register

next story
Google recommends pronounceable passwords
Super Chrome goes into battle with Mr Mxyzptlk
Infosec geniuses hack a Canon PRINTER and install DOOM
Internet of Stuff securo-cockups strike yet again
Snowden, Dotcom, throw bombs into NZ election campaign
Claim of tapped undersea cable refuted by Kiwi PM as Kim claims extradition plot
Reddit wipes clean leaked celeb nudie pics, tells users to zip it
Now we've had all THAT TRAFFIC, we 'deplore' this theft
Apple Pay is a tidy payday for Apple with 0.15% cut, sources say
Cupertino slurps 15 cents from every $100 purchase
YouTube, Amazon and Yahoo! caught in malvertising mess
Cisco says 'Kyle and Stan' attack is spreading through compromised ad networks
TorrentLocker unpicked: Crypto coding shocker defeats extortionists
Lousy XOR opens door into which victims can shove a foot
prev story

Whitepapers

Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.
Saudi Petroleum chooses Tegile storage solution
A storage solution that addresses company growth and performance for business-critical applications of caseware archive and search along with other key operational systems.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.