📨 Have you signed up to the Forum's new Email Digest yet? Get a selection of trending threads sent straight to your inbox daily, weekly or monthly!

Never log in using a link provided by email

Options
Yesterday I received an authentic looking email with my name, postcode and the Nationwide logo from [EMAIL="nationwide@nationwide-communications.co.uk"]nationwide@nationwide-communications. co.uk[/EMAIL] , inviting me to view my current a/c statement via their log in link. It's quite simple for fraudsters to clone items from a bank or BS's site and present them in this way. They can even put the URL of a genuine site on a hyperlink which leads to their own cloned site, just waiting for your log in details, although obviously their URL would be slightly different from the genuine one e.g. www.nationwide.co.uk
«1

Comments

  • System
    System Posts: 178,349 Community Admin
    10,000 Posts Photogenic Name Dropper
    Are you saying it is not a genuine email from Nationwide? They put your name and postcode so that you know it is genuine! Also, if it is a genuine email from Nationwide then you will be getting one every month!
    This is a system account and does not represent a real person. To contact the Forum Team email forumteam@moneysavingexpert.com
  • redux
    redux Posts: 22,976 Forumite
    Part of the Furniture 10,000 Posts Name Dropper
    Also, for me, it comes from Nationwide with nbs@ as the start of my email address.
  • karlie88
    karlie88 Posts: 9,114 Forumite
    Part of the Furniture 1,000 Posts Name Dropper
    Is the space within the email address a typo OP?

    nationwide@nationwide-communications.co.uk is a genuine email from Nationwide.

    See here:

    https://twitter.com/asknationwide/status/443495780775899137

    http://www.nationwide.co.uk/support/security-centre/internet-banking-security/how-to-protect-yourself#xtab:email-and-security-tips

    I never click on links within emails when it comes to banking - I always log on via their main webpage.

    Also, if you hover your mouse/pointer over any hyperlink, it displays the webpage address that it's redirecting to (usually at the bottom of your screen) - so I knew that your hyperlink was going to redirect me to MSE forums. Although, some fraudsters can circumvent that too.
    :grouphug: :D Official MSE canny forumite and HUKD VIP badge member :D :grouphug:
  • The bank should not include links in it's emails, this opens the door for fraud.
  • robatwork
    robatwork Posts: 7,268 Forumite
    Part of the Furniture 1,000 Posts Name Dropper Photogenic
    Yesterday I received an authentic looking email with my name, postcode and the Nationwide logo from [EMAIL="nationwide@nationwide-communications.co.uk"]nationwide@nationwide-communications. co.uk[/EMAIL] , inviting me to view my current a/c statement via their log in link.

    Sorry you didn't specifically say if this was a genuine or phishing email.

    If the latter then it's very worrying as they (almost) never would have this level of information.

    Can you clarify that they had your name and postcode and it was fraudulent?
  • eskbanker
    eskbanker Posts: 37,221 Forumite
    Part of the Furniture 10,000 Posts Name Dropper Photogenic
    It sounds like the email OP received was authentic rather than fraudulent - it has the same hallmarks as those I receive regularly from them and complies with what Nationwide publish on their site as per post #4.

    So, I don't think OP is claiming that there's actually been any sort of fraud here but believe that their broader point is that Nationwide shouldn't be encouraging people to follow links from emails as this is arguably poor security practice and increases the risk of falling for phishing (even though these particular emails are genuine).
  • ArielNH
    ArielNH Posts: 2 Newbie
    Third Anniversary
    edited 13 November 2016 at 3:34PM
    I had a similar email on 12th Nov, for reductions off products I don't want. Luckily, none of the succession of offers have ever been of interest so I usually instantly consign to trash. However, bearing in mind the Tesco scam and others, I decided to look more closely without clicking. The email lacked my name and postcode, signposts Nationwide are supposed to use. It also quoted a superceded card number so I assumed scam. Copied email to nationwide phishing re apparent security risk, especially as the email invites a link to be activated to "sign in". No response yet, but security is only a part time role for these outfits. "24/7 banking, except for security"
  • Chino
    Chino Posts: 2,031 Forumite
    Part of the Furniture 1,000 Posts Name Dropper
    eskbanker wrote: »
    So, I don't think OP is claiming that there's actually been any sort of fraud here
    Au contraire, the OP is claiming an attempted fraud:
    Yesterday I received an authentic looking email
  • eskbanker
    eskbanker Posts: 37,221 Forumite
    Part of the Furniture 10,000 Posts Name Dropper Photogenic
    Chino wrote: »
    Au contraire, the OP is claiming an attempted fraud:
    Yesterday I received an authentic looking email
    Wow, that's a pretty spectacular leap of logic to get you from the actual quote about the email to an allegation of attempted fraud, have you considered a career in an AML department of a bank?
  • System
    System Posts: 178,349 Community Admin
    10,000 Posts Photogenic Name Dropper
    eskbanker wrote: »
    but believe that their broader point is that Nationwide shouldn't be encouraging people to follow links from emails as this is arguably poor security practice and increases the risk of falling for phishing (even though these particular emails are genuine).


    Exactly. Banks frequently undermine customers' security awareness by breaking their own rules about emails, phone calls, etc.

    The only safe rule is never to respond directly to any requests by phone or email, but to contact the organisation yourself using the publicly-advertised number and ask them about the request they have just apparently sent.
    But they still fail security by having no proper central control of their emails or out-going phone calls, so sometimes a communication can be a genuine one from a small section of the organisation.
    This is a system account and does not represent a real person. To contact the Forum Team email forumteam@moneysavingexpert.com
This discussion has been closed.
Meet your Ambassadors

🚀 Getting Started

Hi new member!

Our Getting Started Guide will help you get the most out of the Forum

Categories

  • All Categories
  • 351.1K Banking & Borrowing
  • 253.1K Reduce Debt & Boost Income
  • 453.6K Spending & Discounts
  • 244.1K Work, Benefits & Business
  • 599K Mortgages, Homes & Bills
  • 177K Life & Family
  • 257.4K Travel & Transport
  • 1.5M Hobbies & Leisure
  • 16.1K Discuss & Feedback
  • 37.6K Read-Only Boards

Is this how you want to be seen?

We see you are using a default avatar. It takes only a few seconds to pick a picture.