December 8, 2003

Scam Spam

I got the notorious bank scam spam this morning. This thing is scarily realistic. It's easy to see how so many people are fooled by it. And the most worrying thing is I don't see how any of the banks can properly defend themselves against this sort of trick. The only way they could do so would be to tell their customers that they will never email them. Which is great for us - less commercial spam from the banks - but will the banks really be brave enough to take that step? I don't think they'll have much choice.


In Apple's Mail, there's no way to see where the URL will take me (it actually leads to an address using the `http://username:password@site/` scheme, with a username of www.nwolb.com followed by lots of spaces - so it actually looks like the real thing in the address bar). I tried to visit NatWest online banking to find an email address that I could forward the mail to - they may be able to get some useful information from the headers - but NatWest have hit the panic button and shut down their site. And here's one of the scary things about the spam - it gives a different support telephone number to the official NatWest one. Presumably there are some fraudsters at the other end of the line waiting to assure me that it's OK to type in my login details and password. Ouch.


And here's where it gets really worrying. If you actually visit the URL, you get a page that looks almost exactly like the NatWest online banking service. There are a few giveaway problems with the page - weird character encodings meaning "4"s appear in the menu on the left, the URL containing %20 (which will be displayed as a space in Internet Explorer, so the user doesn't see the real site), the site is not loading securely with https, and the date is wrong - but other than that, it's impossible to tell the difference. And most of these things I suspect you'd only understand or notice if you're a geek.
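The URL giveaways described above (a hostname-looking username, `%20` padding, no https) can be checked mechanically by a mail filter or link scanner. The following is an added example, not part of the original post; the function name and the sample URLs are constructed for illustration, with `192.0.2.10` and `intranet.example` standing in for real hosts.

```python
import re
from urllib.parse import urlsplit, unquote

# Rough "looks like a hostname" test: dot-separated labels ending in a TLD.
HOSTLIKE = re.compile(r"^(?:[a-z0-9-]+\.)+[a-z]{2,}$", re.IGNORECASE)


def userinfo_findings(url):
    """Return the reasons a link matches the username@host disguise."""
    findings = []
    parts = urlsplit(url)
    if "@" not in parts.netloc:
        return findings  # no userinfo section, nothing to flag here
    # Everything before the last '@' is userinfo; the real host follows it.
    raw_userinfo, _, hostport = parts.netloc.rpartition("@")
    real_host = (parts.hostname or hostport).lower()
    findings.append(f"userinfo present; real host is {real_host}")
    decoded = unquote(raw_userinfo)  # turns %20 back into spaces
    user = decoded.split(":", 1)[0]
    if re.search(r"\s", decoded):
        findings.append("userinfo contains whitespace padding")
    claimed = user.strip()
    if HOSTLIKE.match(claimed) and claimed.lower() != real_host:
        findings.append(f"userinfo imitates a different host: {claimed}")
    if parts.scheme.lower() != "https":
        findings.append("link is not https")
    return findings


if __name__ == "__main__":
    # Constructed samples; the first mirrors the structure described in the post.
    samples = [
        "http://www.nwolb.com%20%20%20%20%20%20@192.0.2.10/login",
        "https://alice:secret@intranet.example/",
        "https://www.nwolb.com/",
    ]
    for sample in samples:
        print(sample)
        for finding in userinfo_findings(sample) or ["no userinfo findings"]:
            print("   ", finding)
```
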

The only irony is that these fraudsters appear to support Safari, whereas the real NatWest redirect me to a page telling me my browser is not supported. I can see a lot of Windows users with Internet Explorer as their default browser being caught out by this one.

Posted by savs at December 8, 2003 8:58 AM