NatWest Bank Phishing Scam
[Previous Example] [Share This Page] [Back To The Main SHPAMEE Index] [Next Example]
VERY IMPORTANT INFORMATION, READ THIS FIRST: The example and associated information published on this page are subject to the SHPAMEE Terms Of Use. Please familiarise yourself with these terms before viewing or using any information on this page.
Header:
X-Account-Key: account2
X-UIDL: x
X-Mozilla-Status: 0000
X-Mozilla-Status2: 00000000
X-Mozilla-Keys:
X-Apparently-To: x
X-YahooFilteredBulk: 87.210.87.240
X-Originating-IP: [87.210.87.240]
Authentication-Results: mta107.mail.ukl.yahoo.com from=natwest.co.uk; domainkeys=neutral (no sig)
Received: from 87.210.87.240 (HELO ip240-87-210-87.adsl2.static.versatel.nl) (87.210.87.240)
by mta107.mail.ukl.yahoo.com with SMTP; Fri, 27 Jun 2008 03:26:31 +0000
Received: from litezone.com (sexymixser.com.site5.com [82.196.174.18])
by tandastudios.com with SMTP id DPB46CGPPK
for <x>; Thu, 26 Jun 2008 23:26:24 -0500
Received: from sarsaparilla.purinmail.com (EHLO willful.purinmail.com [21.172.118.190])
by spylog.com with SMTP id S9V5OEH65G
for <x>; Fri, 27 Jun 2008 09:26:24 +0500
From: "NatWest bank" <c_service.id639-14502ncf@natwest.co.uk>
To: x
Subject: urgent notification!
X-Authenticated: #85654614
User-Agent: Sylpheed version 0.8.2 (GTK+ 1.2.10; i586-alt-linux)
X-Priority: 3 (Normal)
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="--BNd8uyi4wpgpgdtid4uweqWK"
Body:
Dear NatWest bank customer,
Security and confidentiality are at the heart of Natwest Bankline. Your data (and your money) is protected by a number of technologies, including Secure Sockets Layer (SSL) encryption.
We would like to notify you that NatWest bank carries out customer data verification procedure that is compulsory for all Natwest bank customers. This procedure is attributed to a routine banking software update.
Please login to Natwest online banking using the link below and follow the instructions on the screen.
Natwest Customer Service
0x9080, 0x72, 0x037, 0x12217262, 0x0881, 0x15902307 root J650 common ZSNH function revision. 0IX1: 0x7, 0x710, 0x6903, 0x4, 0x990 3558836674338052801 0x8, 0x8081, 0x365 0x82, 0x28, 0x1017, 0x35052684, 0x953, 0x20723239, 0x90247971, 0x9607, 0x48278205, 0x4529 0x391, 0x44, 0x829, 0x8, 0x3613, 0x8 root: 0x76, 0x9363, 0x1, 0x20110215, 0x06, 0x3595, 0x8870, 0x87, 0x6, 0x7, 0x087 0x97, 0x4569, 0x57187002, 0x094, 0x18, 0x9, 0x569, 0x7337, 0x838, 0x39, 0x5463, 0x15169319, 0x26 0x2, 0x8079, 0x28, 0x667, 0x3, 0x81456124, 0x393, 0x45446806, 0x69489332
interface: 0x4, 0x59, 0x814, 0x06366167, 0x82843383, 0x7, 0x48696937, 0x907 JPS: 0x70, 0x482, 0x18, 0x6, 0x2568, 0x09, 0x7686, 0x82, 0x43705665, 0x8368, 0x5, 0x25, 0x00 0x14, 0x44, 0x24, 0x53, 0x1758, 0x929 source, end, interface, update, start, W71, interface, dec 0x2975, 0x48, 0x48686448, 0x6240, 0x8, 0x011, 0x9662, 0x45890518, 0x6096, 0x50 31283051290048272783146 cvs: 0x17456218, 0x8113, 0x837, 0x94, 0x47, 0x5, 0x011, 0x79, 0x399, 0x68646826, 0x84, 0x1 5P7F, common, 3PV, end, CI7H, 3EY8, X2W, start V7C: 0x49651626 O7CU: 0x597 start: 0x39, 0x6, 0x1762, 0x17652857
BIG: 0x14, 0x310, 0x09, 0x88, 0x77508117, 0x495, 0x44894319, 0x42169329, 0x691, 0x5, 0x44886773, 0x74296108, 0x1 0x0, 0x699, 0x7314, 0x27, 0x3 include: 0x34, 0x1, 0x80, 0x91, 0x68, 0x36622465, 0x370, 0x8, 0x8, 0x9, 0x9, 0x5 RAR5: 0x8, 0x48032521, 0x986, 0x5 hex WB19 F629 serv exe. 0x95, 0x47, 0x8081, 0x71, 0x3234, 0x8, 0x419 0x953, 0x409, 0x90256461, 0x9, 0x68, 0x27852319, 0x9324, 0x53, 0x66, 0x8, 0x02632821, 0x34, 0x81, 0x29, 0x5401 0x6, 0x34, 0x050, 0x7605, 0x1, 0x670, 0x05, 0x43, 0x8983, 0x9, 0x0, 0x7 revision, 2OXG, 72JC, start, create, PKR, close, 7V0I, stack 0x86, 0x2002, 0x3422, 0x1, 0x52891039, 0x7453 028019067995477
363620694GIX: 0x2, 0x10, 0x757, 0x5369, 0x2576, 0x0920, 0x0, 0x3 3OHH: 0x460, 0x235, 0x39, 0x57674842, 0x6400, 0x06, 0x1790, 0x9417, 0x554, 0x25696206, 0x2039 0x05, 0x41, 0x00, 0x29933192, 0x75, 0x347
Comments:
Related Cyber Criminal Profiles:
No related profiles found.Similar Spam Examples:
Banking Phishing Scam - Natwest - Reactivate your Online AccessNatWest Credit Card Services Banking Phishing Scam
Banking Phishing Scam - Your LoydsTSB Account will expire on 01 Aug 2012
Bank of America Phishing Scam - Verification of Your Current Details
Mr. Kurt Kahle, The Subject Of Another Next of Kin Scam
Related Malware Samples:
No related malware samples found.[Previous Example] [Share This Page] [Back To The Main SHPAMEE Index] [Next Example]
A typical NatWest phishing e-mail starts with "Dear NatWest Bank Customer" followed by some crazy reason why you should click on the 5 mile long phishing link and ends with loads of hexadecimal characters and incoherent garbage (the hash buster text highlighted in yellow).
This e-mail contains a small technical error that's easily overlooked. We live in an age where branding is everything, so big corporations place a lot of emphasis on the smaller details of marketing and consistent branding. NatWest will always spell their name as "NatWest" and not "Natwest", because the former obviously resembles their logo. So you can even identify a scam e-mail by paying attention to the capitalisation of certain letters in the e-mail.
Banks will, as a rule of thumb, never send e-mails like these to their customers. After all, what does a routine software update have to do with customer data verification? Most banks verify your details before you open an account with them, so simply ask yourself the question... what is there to verify afterwards if they already have everything about you on file?