Recent bank phishing emails

paulpud

Don't know if anyone else has posted about this but in the past couple of weeks I have had a 2 very convincing phishing emails, one from ‘Santander’ (with whom I do hold an account) and one today from ‘Nat West’.

The emails are headed 'new online authentication procedures’ and when opened shows a very authentic-looking page informing you that you will not be able to access your account if you don't click on the embedded link so, out of curiosity, I followed the procedure.

You get taken to a perfect mock up of the bank website where you enter your customer number and on the next page you enter 3 random numbers from your PIN and 3 random characters from your password, but it doesn't matter what you enter because the next page will tell you that you entered an invalid character as part of your PIN and, 'due to the number of failed login attempts' you now have to enter your full password. Once you do this you are told your account has been temporarily suspended and, needless to say, you have to now provide all of your personal information, banking and debit card details. Once you've done this it tells you that your account is now active again and after a few seconds takes you to the bank's genuine home page, leaving you none the wiser that you're about to have your account emptied.

I've had a plethora of scam/phishing emails over the years that have been fairly easy to spot but these are different and the scammers are getting very sophisticated.

Be careful.

DoaM

Unless the email says Dear [Your Actual Name] then it is a scam email.

In my experience, banks always identify the customer by name.

cajef

These scams have been going on for ages, either your Paypal account has been restricted or a bank you have never had an account with have restricted it unless you click on a link and give them details.

You only need to look at the headers to realise they are scams, I just delete them straight away.:)

soolin

Sophisticated ? Yet still relies on the customer doing the one thing that banks warn not to do over and over again.

Asghar

paulpud wrote: »

I've had a plethora of scam/phishing emails over the years that have been fairly easy to spot but these are different and the scammers are getting very sophisticated.
Be careful.

It doesn't matter how sophisticated these emails look, they could even look 100% genuine. The thing is, you do NOT click on any link in a bank email to log in or just to verify your details.

The only time you would click on an email link is maybe to verify your email address when setting up an account for online access. That's it.

You should always log into your bank or Paypal account through your normal browser and using their website address.

FOREVER21

paulpud wrote: »

Don't know if anyone else has posted about this but in the past couple of weeks I have had a 2 very convincing phishing emails, one from ‘Santander’ (with whom I do hold an account) and one today from ‘Nat West’.

The emails are headed 'new online authentication procedures’ and when opened shows a very authentic-looking page informing you that you will not be able to access your account if you don't click on the embedded link so, out of curiosity, I followed the procedure.

You get taken to a perfect mock up of the bank website where you enter your customer number and on the next page you enter 3 random numbers from your PIN and 3 random characters from your password, but it doesn't matter what you enter because the next page will tell you that you entered an invalid character as part of your PIN and, 'due to the number of failed login attempts' you now have to enter your full password. Once you do this you are told your account has been temporarily suspended and, needless to say, you have to now provide all of your personal information, banking and debit card details. Once you've done this it tells you that your account is now active again and after a few seconds takes you to the bank's genuine home page, leaving you none the wiser that you're about to have your account emptied.

I've had a plethora of scam/phishing emails over the years that have been fairly easy to spot but these are different and the scammers are getting very sophisticated.

Be careful.

Personally I tend to bin them as a matter of course without opening them. My thinking being that I will log on using the official web site and if there is a problem contact the bank.
I have received numerous similar to the ones you mention and have never been locked out of my accounts by ignoring them.

Just a word of caution I would not even open an e-mail if I was dubious about the authenticity, people have posted that the very simple step of opening a rogue message can lead to a bug being downloaded .

nkkingston

DoaM wrote: »

Unless the email says Dear [Your Actual Name] then it is a scam email.

In my experience, banks always identify the customer by name.

While this is true, the vast majority of scam emails I get also include my name. Usually whatever databank they've harvested your information from include the name associated with the email address (often it's a friend with a virus, whose whole address book has been harvested, but sometimes it's some lovely company like Yahoo not fessing up to data breaches for years). Do not assume it's from your bank just because they know your name!

The email address is usually a bit more of a give away - if you hover over the name the email is from in most email account sit will show the actual email address it came from. A string of random letters and numbers, or something that is close to your bank's name but not quite (anyone else had natwest.co.tk before?) then it's definitely a scam. Equally, hovering over the link the email is asking you to click will tell you where it actually wants to take you.

But honestly, any email purporting to be from your bank that asks you to click a link to your account? Probably a scam. Banks know about phishing, which is precisely why they're so keen to drill into customer's heads that they won't send you emails like this.