Best Viewed With Firefox, Chrome or Safari
Copyright (c) 2006-2016 Coenraad de Beer
Cyber Top Cops - The Cyber Security Experts
Bringing Law and Order to the Cyber World
Copyright © 2006-2016 Coenraad de Beer


About Us Contact Us Support Us
Custom Search
Bookmark and Share RSS Feeds

 

National Westminster Bank Phishing Scams

PLEASE NOTE: National Westminster Bank is not responsible for these e-mail scams. Organisations and individuals, pretending to be National Westminster Bank, initiate them. All trademarks and related logos are either trademarks or registered trademarks of their respective owners, or their licensors. Cyber Top Cops is in no way affiliated with National Westminster Bank. The "Received From" e-mail address mentioned for each e-mail on this page, is a spoofed e-mail address and is not the true origin of the scam e-mail.

Date: 1 December 2007 (Published 29 November 2007)
Received from "Natwest Digital Banking'07" <customerssupport_refnum-993js@natwest.com>
Subject: Natwest Direct Banking: Please Authorize Your Online Banking Service Login

   Natwest Bank United Kingdom

Dear NatWest Direct Banking user!

Our Technical Unit is performing an arranged Direct and Digital Banking Service upgrade

By clicking on the link below you will begin the procedure of the user login approval:

http://www.natwest.co.uk.[DELETED]/service/nwolb/default.aspx.htm?host=30kLjyveLjyveLadrzveDtcwhhOkhOvp

These directions are to be mailed and followed by all clients of the NatWest Bank Internet Banking

Natwest does apologize for the troubles caused to you, and is very grateful for your cooperation.

If you are not user of Natwest Internet Banking please ignore this letter!

--- This is an automated message please do not reply ---

© 2007  NatWest Bank UK. All Rights Reserved.

Cyber Top Cops can also travel through time like the Phishing scammers. The date of this e-mail probably got screwed up due to a spam-bot operating on a misconfigured system. This is just another illustration of how easy it is to spot a scam, just by paying attention to the smaller details.


Date: 3 September 2007
Received from "NatWest" <clientservice.ref411330797777258.ib@natwest.com>
Subject: important notice! (message id: dt7390549053788)

Dear National Westminster Bank customer,

National Westminster Bank Customer Service requests you to complete Online Banking Customer Form.

This procedure is obligatory for all internet banking users of National Westminster Bank.

Please click hyperlink below to access Online Banking Customer Form.

http://onlinesession-4728142.natwest.com/updatemode/userdatadirectory/start.aspx

Please do not respond to this email.

Copyright 2007. National Westminster Bank plc. All Rights Reserved.

____________________________________________________________________________________

Hash Buster Text for National Westminster Bank Scam Example


Date: 3 September 2007
Received from "NatWest" "NatWest bank" <clientservice.refCD62815905FG.ib@natwest.co.uk>
Subject: NatWest Bank: important notification!

Dear NatWest Bank customer,

NatWest Bank Customer Service requests you to complete Online Banking Customer Form.

This procedure is obligatory for all internet banking users of NatWest Bank.

Please click hyperlink below to access Online Banking Customer Form.

http://onlinesession-81845514.natwest.com/updatemode/userdatadirectory/start.aspx

Please do not respond to this email.

Copyright 2007. National Westminster Bank plc. All Rights Reserved.

=

Hash Buster Text for National Westminster Bank Scam Example

The format of these e-mails is similar to the first Royal Bank Of Scotland Phishing Example as well as the TD Canada Trust Phishing Example. The colour of the hash buster text at the bottom of each e-mail was supposed to be white (in order to hide the text from the human eye), but Thunderbird ignored the HTML code and displayed the hash buster text in black. This was done because the message was flagged as spam and all e-mails labelled as spam by Thunderbird, are displayed in Simple HTML, therefore ignoring the colour specified in the HTML code of the e-mail body.

[Back To Banking Phishing Scams Page]