1. Home
  2. UK Finance Discussions
  3. Nationwide email scam

Nationwide email scam

Just as Natwest got "attacked" the other day I have just received this email pretending to be from the Nationwide this time.

Regards Sunil

------- Dear Nationwide Bank Member,

This email was sent by the Nationwide server to verify your e-mail address. You must complete this process by clicking on the link below and entering in the small window your Nationwide Customer Number, Passnumber and Memorable Data. This is done for your protection --- because some of our members no longer have access to their email addresses and we must verify it.

To verify your e-mail address and access your bank account, click on the link below. If nothing happens when you click on the link (or if you use AOL), copy and paste the link into the address bar of your web browser.

formatting link
snipped-for-privacy@ShOrTwAy.To/cgf4dl/?xxxxxxxxxxxxxx

-------------------------------------------- Thank you for using Nationwide!

--------------------------------------------

This automatic email sent to: snipped-for-privacy@xxxxxxxxx.co.uk Do not reply to this email.

Reply to
Sunil Sood
Loading thread data ...

. . . and i have received an almost identical email to this, except what it says is: ------>

Dear Barclays Bank Member, This email was sent by the Barclays server to verify your e-mail address. You must complete this process by clicking on the link below and entering in the small window your Barclays Membership number, passcode and memorable word. This is done for your protection --- because some of our members no longer have access to their email addresses and we must verify it. To verify your e-mail address and access your bank account, click on the link below. If nothing happens when you click on the link (or if you use AOL), copy and paste the link into the address bar of your web browser.

formatting link
snipped-for-privacy@fma03kd.mail.com/?FocTw0yEy0QUWRZ . . . etc, etc.

. . . so my question is just how do these scammers know that you have a nationwide account and i have a barclays one, and not vice versa??

scarey!

Reply to
freezer

they don't know but there are people stupid enough to respond and they will eventually get their hands on someones details and will clear them out

Reply to
sas

Bitstring , from the wonderful person snipped-for-privacy@ntlworld.com said

They have to get lucky sometimes. I got Citibank, and Ebay ones this week, neither of whom I go anywhere near.

Reply to
GSV Three Minds in a Can

On Sun, 26 Oct 2003 10:34:29 +0000, snipped-for-privacy@ntlworld.com quoted:

formatting link
is Russian - aserver.one.ru (193.124.133.29). The Nationwide fake page appears to have been removed and instead you go to the hosts home page -
formatting link
This site tries to infect your machine with JS/IEStart.gen.c according to McAfee.

This link still appears to be active, taking you to

formatting link
which is 212.140.222.150 which is a BT site according to whois. Both appear to be using these new? @ URLs. Does anyone know how they work ? Presumably the bit before the @ is simply a reference to be passed on to the site referenced after the @ which, in this case is a redirecter.

Daytona

Reply to
Daytona

Hi Folks

I just got the following message. I have no accounts with Nationwide, and my spam software caught it out. I presume it is the same one of the Barclay's One

Spamassassin came up with this justification:

Content analysis details: (5.50 points, 5 required) FROM_ENDS_IN_NUMS (0.6 points) From: ends in numbers IN_REP_TO (-0.4 points) Has a In-Reply-To header REFERENCES (-0.0 points) Has a valid-looking References header USERPASS (1.3 points) URI: URL contains username and (optional) password HTTP_USERNAME_USED (0.7 points) URI: Uses a username in a URL ROUND_THE_WORLD_LOCAL (2.6 points) Received: says mail bounced around the world (HELO) DATE_IN_FUTURE_12_24 (0.7 points) Date: is 12 to 24 hours after Received: date CLICK_BELOW (0.0 points) Asks you to click below

The email is below

Dear Nationwide Bank Member, This email was sent by the Nationwide server to verify your e-mail address. You must complete this process by clicking on the link below and entering in the small window your Nationwide Customer Number, Passnumber and Memorable Data. This is done for your protection --- because some of our members no longer have access to their email addresses and we must verify it. To verify your e-mail address and access your bank account, click on the link below. If nothing happens when you click on the link (or if you use AOL), copy and paste the link into the address bar of your web browser.

formatting link
snipped-for-privacy@ShOrTwAy.To/n2r5j4/?6GbmOCxTzMgQwnu

-------------------------------------------- Thank you for using Nationwide!

-------------------------------------------- This automatic email sent to: XXXXXXXXXXXXXXXXXXXXXXXXXXX Do not reply to this email.

Reply to
Phil Deane

The bit before the @ is interpreted as an http username/password and so will be ignored if not required. The full http format is http://user:password@host/path

Reply to
dangermouse2b

I can't remember my memorable data anyway ... I spent something like an hour recently trying to figure out what my memorable place was for one website.

Reply to
Stephen Burke

Sunil (or anybody who received a similar email): would you mind posting the message including the SMTP headers? I'd be interested in knowing the servers these guys are using, or at least appear to be using.

Thanx Tuatara

Reply to
Tuatara

--------

Regards Sunil

Reply to
Sunil Sood

BeanSmart website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.