Fraudsters phish for NatWest clients with 'Stephen Hester' email NatWest customers are being targeted by a run of fake "phishing" emails exploiting the recent disruption in the bank's services, Action Fraud warns. The fraudulent electronic messages offer prospective marks access to their accounts in exchange for personal information. In reality the opportunistic scam is purely designed to …
The bank sent out an email warning customers to ignore such phishing emails ???
My bank just changed it's login page again. At the bottom there is some logo of "super-safe-trust-security-inc" and a warning saying, if you think this page isn't genuine or there is anything suspicious here call ... and then a phone number - generated on the page that is suspicious !
A few months ago when logging into First Direct I was "unexpectedly" asked to answer my secondary security questions and update my password (later I realized that the problem was they'd rejigged the login page and the "forgotten password" button was where the "procede" button used to be). As I did this I suddenty thought am I being phished - assuming a phisher knew what they were doing then there was no point in sending a message via the first direct "secure message" system so instead I sent an email exlaining what had happened and why I wasn;'t using the "secure message" system to customer services - only to get a reply saying "we cannot comment on account via email, please send a secure message from your account page". Anyway, as mentioned once I'd worked out what had happened then I realized there wasn't an issue but its another catch-22 - how do you tell a bank that you think your login in and thus access to the secure messaging system has been compromised if they'll only respond to questions submitted on the secure messaging system!
I know what the weather in India is like, or, at least, the bit that I live in.
When I do get through to an Indian call centre, I sigh with relief that I don't have to explain funny addresses like "7-bar-9-oh-sorry-that's-7-slash-nine-but-we-say-bar," explain where the "H" is in "Gandhi", spell the name of my city slowly and explain Indian post codes.
Unfortunately, when I call the Royal Bank of Scotland I usually get a very pleasant, but softly-spoken person whose Scottish accent is not at all easy, over 5,000 miles of telephone network, on my very British but somewhat deaf ears.
(Not that anyone wants to know, but I'm really really really not being anti-Scottish here. It's that high-frequency hearing loss thing: certain accents are much harder to understand than others.)
This post has been deleted by its author
Happened to me last month, when I called a call centre in South America. It's not only the hearing loss. To save some bucks, they send the call through VOIP and a sound compression method that plays havoc with sharp sounds. The CSR was a girl with such a sharp voice I could barely understand a word out of two. I have a basso voice and I suspect the CSR was also having trouble understanding what I was saying, probably due to some other compression artifact.
I dont think this is accidental. This way if you have any problem/complaint with a company, you have to spend hours talking to people you hardly understand and who have a hard time understanding you, and who probably don't have the faintest idea of the problem. So 90% complainants en giving up, and half of the rest suffers a stroke :-).
And usually you get the impression that those outsourced CSRs don't give a shit about not being able to fix your problems with the company. Their job is not fixing your problems. Their job is forcing you to give up your claims, and they do that job exceedingly well.
How long until we see an email along the lines of
"hello, my name is Sanjit and I work for RBS in India. I made a mistake on a data backup which caused all the problems with the bank. Luckily my manager has not been able to place the blame on me but when we fixed the system I realized that £10MILLION was left in a holding account - if he sees this he'll know it was my fault and sack me. Can you help me please and let me transfer this money into your account - you can keep the money and I'll keep my job"
The original RBS phishing email
hello, my name is Fred and RBS used to work for me. I made a mistake on a bank purchase which caused all the problems with the bank. Luckily I didn't have a manager to place the blame on me but when we fixed the system I realized that £10MILLION was left in my account. Can you help me please and let me transfer more money into my account - I can keep the money and you can loose your job.
with this email. Next time it'll surface even before the bank has "fixed" the problem.
generally I don't have much sympathy with people falling for email scams, but on the other hand, the more desperate you are, the more you want to believe someone actually wants to help you. And this one is preying on desperation.
i understand why you dont have much sympathy , but what we need to remember is that a lot of the people who fall for things like this are "getting on a bit " , " not very i.t literate " or from the "shallow end of the gene pool " .
we are not all i.t ninjas :)
Retired IT manager (one of the IT-literate ones, I like to think) here ... and I recall the day I nearly fell for one of the scam Paypal mails.
Luckily, I took a second look at the addresses in the links just in time. We can all be caught out, and "I should have known better" comes too late.
There's nothing amazing about these things looking realistic. It's easy enough to grab graphics off the real sites. I don't even do html, but I bet I could find out enough by this time tomorrow to knock up something similar. Forgery has never been simpler --- or more threatening to such a large number of people.
Are these phishing emails positively targeting Nat West and RBS customers alone ?
Or is it just a blanket phish going out to world and dog ?
If the former is the case I would find it rather alarming.
Sorry, but I couldn't see an answer to this in the article. To me it did seem to suggest the former scenario. Clarification would be good either way.
A good way to determine whether an email is coming from a fraudulent source, is to tap or click & hold on the email address of the sender. If it looks funky, like the email address doesn't have the company's name at the end or it looks like jibberish, then it's most likely a fake. Also, beyond email, there are ways of getting you to release important info about yourself or your financial accounts. I recently received a robocall about an account that I has opened @ Bank of America. At first I tought I was legit, until I realized that no bank will contact a customer in the middle of the night. They had probably correctly assumed that they would get more people to participate if they called while people are sleeping & not thinking as clearly
Unfortunately, some organisations send out their email via a third party. It's much the same as is done for physical mail, though there is obviously less hassle over email than with sending out printed letters.
And then, when email doesn't get delivered, because it looks like spam, it's our fault rather than theirs.
...anyone afflicted by this will also blame the bank, when it's not the bank's fault at all (in this particular case). I do hope they don't end up having to compensate people for this too, Hester==git notwithstanding.
Remember, for most people who have some money in account float for emergencies, it's not been a problem, If I read El Reg right: it's incoming payments that have been delayed. You can still use your debit cards and get cash out of machines, provided the funds were there already, right? (As it happens I've not had to, coincidence)
I've been wondering since last week when the first phising mails would come out "Due to our recent computer glitch we now require you to eneter your security details......." etc.
Sad thing is I'm a Natwest customer, and I've now had 4 or 5 emails from the bank apologising, advising of extended opening hours etc. HOWEVER, not one of those mails has contained a warning to the effect of " As a result of this glitch it is possible that fraudsters/criminals/terrorists/paedophiles (delete as approrpiate) may send out fraudulent emails asking you to log into your account and re-enter your security details. Under circumstaances will Natwest ask you to do this, blah blah, blah"
Extra big fail on behalf of Natwest/RBS there, me thinks.
Actually - let me amend my last post. I've just re-read my mails from NatWest. There is a paragraph warning about Phishing mails. It's buried amongst the gibblets of small-print and disclaimers at the bottom of the mail, after all their logos and things. In circumstances like this I think they really need to emphasize the phishing and security aspects in every email they send out.
As a former contractor at RBS. I am not surprised that shortsighted management created the environment for this mess.
To the point though, there is an opportunity here to mess with the scammers.
DO NOT TRY THIS IF YOUR BANKING DETAILS ARE ANYWHERE ON YOUR COMPUTER EVEN IF YOU HAVE WITHDRAWN FROM ONLINE BANKING.
When you get any email from any bank and you do not have any bank account details on your computer, follow the link, noting the lack of https and the strange url; if you have siteadvisor software - USE IT; fill in the information requested using swearwords and false details - me@home.org is good email address for example then sit back in the knowledge that the scammer will have a database full of rubbish to trawl through.
DO NOT TRY THIS IF YOU HAVE BOUGHT ANYTHING ON THE INTERNET -the risk is low though the penalty high.
Yet another story highlighting the inherent folly of giving your e-mail address to your bank.
Seriously, why would you do that? E-mail is too insecure for anything sensitive, and too slow for anything time-critical. What exactly would you want to receive that way?
I use internet banking all the time, but none of it goes through my e-mail system.
So if any bank never wants its customers to be phished again, the fix is simple:
UPDATE customer SET email = ''
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
