Phishing email

Sunnyweather

Do not open Email attachments that you don't trust or are not expecting, ever!


That's the best advice I can give.

phona

Biggles wrote: »

It was an .html file, so could have contained anything.

I do like the advice to 'open the IE browser' 'for security reasons'. Most people recommend it's the last one you choose for security!

I don't know if you're familiar with javascript, but it often contains "if internet-explorer then" since IE is uniquely and pointlessly different from other browsers. Perhaps their malicious code only works in IE - as you say it's the last one you'd choose for security.

It's amazing that people fall for these things; there are so many clues. I guess the "don't open anything, don't click any links" message hasn't quite got to everyone yet.

SocialMediaOWL

Hi Rolls,

I have started receiving similar emails purporting to be from Nationwide although I had not received them previously and not aware of any request that I may have made to start receiving them. Accordingly. I viewed the email as suspicious and, therefore, like you, forwarded it to phishing@nationwide.co.uk but, as you have highlighted, there is no further communication channel available to confirm one way or the other whether the emails are legitimate or not.

Having read through this thread and done some investigation of my own as regards the domain names, ipaddresses and DNS, which I could see went through exacttarget.com (now salesforce marketing cloud) in Indianapolis, I decided to take the plunge and click on one of the links just to see what happened and, low and behold, the redirect link resolved to Nationwide.co.uk.

Thus, on the face of it, these would appear to be legitimate emails that Nationwide have commissioned via exacttarget.com, albeit rather poorly constructed and worded (i.e. "Thanks for banking with us" rather than "Thank you" and the generic "sent to your Internet Bank" rather than "now available to view via your Nationwide online banking pages") and, in my case, not knowingly solicited.

rolls99

SocialMediaOWL wrote: »

Hi Rolls,

I have started receiving similar emails purporting to be from Nationwide although I had not received them previously and not aware of any request that I may have made to start receiving them. Accordingly. I viewed the email as suspicious and, therefore, like you, forwarded it to [EMAIL="phishing@nationwide.co.uk"]phishing@nationwide.co.uk[/EMAIL] but, as you have highlighted, there is no further communication channel available to confirm one way or the other whether the emails are legitimate or not.

Having read through this thread and done some investigation of my own as regards the domain names, ipaddresses and DNS, which I could see went through exacttarget.com (now salesforce marketing cloud) in Indianapolis, I decided to take the plunge and click on one of the links just to see what happened and, low and behold, the redirect link resolved to Nationwide.co.uk.

Thus, on the face of it, these would appear to be legitimate emails that Nationwide have commissioned via exacttarget.com, albeit rather poorly constructed and worded (i.e. "Thanks for banking with us" rather than "Thank you" and the generic "sent to your Internet Bank" rather than "now available to view via your Nationwide online banking pages") and, in my case, not knowingly solicited.

Not long ago NW simply emailed a text email telling you to go to the site for statement or whatever - and didn't call it "Your Internet Bank" which sounds "Scammish" to say the least!, and there were never any clickable links.


Although I never click email links in any case, (and plenty of them are sent), I just reckon NW seem to have decided for some reason to change for no "good" reason!

Double_V

Sometimes these companies change their message titles, subjects.
Like when our council changed their subjects and outbound email address. I was bit concerned but then look at at signs, end domain was same.

And in your case, when you access the site is it encrypted ? with the lock icon in the address. Look for text.
Scams mostly clone the sites and use images instead.