Clever phishing attempt

JimmyTheWig

I can normally spot a phishing attempt without opening the email, but this one made me look twice.

Was an email from a bank that I use entitled "Your Account Summary".
In the email they say that to combat cyber crime (clever double-bluff) they have changed their electronic services (this is the bit that I think is very clever, as it would explain why the page you end up on doesn't look exactly the same as the one that you are used to) and that you should click the link and enter all your details (ok, so that's not so clever - that's just phishing).

Thought I'd use this as a reminder to people to never click links in emails from "your bank" asking you to log in or enter your details - however convincing the email looks.

InsideInsurance

Sounds a fairly basic attempt to be honest.

The salutation of "Dear Customer" or "Dear valued account holder" is normally the biggest giveaway

rb10

InsideInsurance wrote: »

The salutation of "Dear Customer" or "Dear valued account holder" is normally the biggest giveaway

Although this is complicated by the fact that genuine Natwest emails start with 'Dear Customer'.

ColdIron

I'm struggling to spot the clever bit

Uxb

I've seen a much more clever one on a friends computer that pops a browser window up which is pretending to be a pop up screen from your antivirus program during a scheduled scan - indeed it is an exact duplicate of it and listings various trojans it has "found".
It then invites you to click a button to 'clean' the computer - which of course downloads and install the real trojan file if you do.

Closing the browser window reveals that it was instead merely a webpage simulating an antivirus program popup.
The pop up was simulating the MSE antivirus program and MSE was indeed installed on this computer.

Atidi

ColdIron wrote: »

I'm struggling to spot the clever bit

Perhaps you've got to be clever?

InsideInsurance

rb10 wrote: »

Although this is complicated by the fact that genuine Natwest emails start with 'Dear Customer'.

Dont know, never had emails from them.

I know with Barclaycard they do address you as Cardholder or something similar in marketing emails but in operational ones they do use your name.

JimmyTheWig

ColdIron wrote: »

I'm struggling to spot the clever bit

I thought it was better worded than most of the rubbish I receive. Thought it was clever that they'd come up with an explanation of why the screen you end up on looks different to the screen you normally see.

Maybe they all do that these days. Maybe the clever bit was that it got through Hotmail's spam filter.


I'm not saying that it was so clever I almost fell for it!

angelsmomma

I have had loads from natwest this last few weeks and several of them got through the spam filter in hotmail. I don't bank with them so it was easy to spot.

maas

InsideInsurance wrote: »

Sounds a fairly basic attempt to be honest.

The salutation of "Dear Customer" or "Dear valued account holder" is normally the biggest giveaway

Yeah, Dear Customer is usually the big give away as they fire out the email to millions of email addresses en mass.

Of course that's not to say if it begins with your name that it's genuine but if it starts Dear Customer, triple check it.