Cybercriminals turned the institution's technical difficulties to their advantage

Jun 28, 2012 07:13 GMT

The UK’s ActionFraud is advising internet users to beware of fake NatWest emails that purport to come from Stephen Hester, the head of RBS.

The messages are designed to steal sensitive information from unsuspecting customers, who may actually believe that they will be locked out of their accounts unless they comply with the demands.

In one of the versions, “Hester” tells recipients that a security upgrade recently made to the financial institution’s systems requires that they update their details.

The link that users are advised to click leads to a replica of the official NatWest website. There, they are presented with a form that gathers all sorts of private data that the fraudsters can later use to access accounts and steal funds.

This latest series of spam emails comes at a time when NatWest is experiencing some technical difficulties. Cybercriminals have turned these issues to their advantage and are trying to gather as much information as they can from unsuspecting customers.

“This shows how on-the-ball these opportunistic criminals are. Imagine not being able to access your bank account and then getting one of these,” explained Alan Woodward, a professor of computing at Surrey University.

"I specialise in security but I could see myself thinking, 'oh, it's from NatWest' and then clicking on the link, which takes you to an incredibly realistic website. Given the number of NatWest customers and the volume of emails that the scammers send, some people are going to fall for it, especially if they are desperate."

NatWest customers are advised to be on the lookout for such scams. These days, phishing schemes can be very well designed, and even security-conscious individuals can fall for the traps set by the crooks.

That’s why it’s very important to look for any clues that can give away the true nature of a scam. Always check the site’s URL to ensure that it matches the bank’s genuine address, and remember that financial institutions will never ask you to give away your PIN or password.
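The URL check advised above can be done mechanically by a mail filter or help desk. The following is an added example, not part of the original article: it compares a link's parsed hostname with the bank's domain instead of searching the link text for the bank's name. It assumes `natwest.com` is the genuine domain (the article does not state it), and every sample link is constructed.

```python
from urllib.parse import urlsplit

# Assumption: the bank's genuine domain; the article does not state it.
GENUINE_DOMAIN = "natwest.com"

def link_verdict(url, genuine=GENUINE_DOMAIN):
    """Classify a link by the host the browser would actually contact."""
    parts = urlsplit(url.strip())
    if parts.scheme != "https":
        return "not-https"
    if parts.username is not None:
        # Text before '@' is login data, not the host, however it looks.
        return "userinfo-trick"
    host = (parts.hostname or "").rstrip(".")   # .hostname is lower-cased
    if not host:
        return "no-host"
    if not host.isascii() or host.startswith("xn--") or ".xn--" in host:
        # Internationalised names can render like the genuine one.
        return "idn-host"
    # Genuine only if the host IS the domain or a subdomain of it; the
    # leading dot keeps "notnatwest.com"-style names from matching.
    if host == genuine or host.endswith("." + genuine):
        return "genuine"
    brand = genuine.split(".")[0]
    if brand in host:
        # Bank's name present, but the registered domain is someone else's.
        return "lookalike-host"
    return "unrelated-host"

# Constructed sample links (reserved .example names, not real phishing URLs).
SAMPLE_LINKS = [
    "https://www.natwest.com/personal",
    "http://www.natwest.com/",
    "https://natwest.com.account-update.example/login",
    "https://www.natwest.com@account-update.example/login",
    "https://natwest-online.example/",
    "https://n\u0430twest.com/",          # Cyrillic 'a' in place of Latin 'a'
    "https://account-update.example/",
]

def triage(links):
    """Return (link, verdict) pairs for a batch of links."""
    return [(link, link_verdict(link)) for link in links]

if __name__ == "__main__":
    for link, verdict in triage(SAMPLE_LINKS):
        print(f"{verdict:15} {link!r}")
```

Only the first sample link is classed as genuine; the others fail for different reasons even though each contains text resembling the bank's name.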