Banking fraud targets National Westminster customers

Nat West's internet bank www.nwolb.com has been unavailable today, coinciding with an electronic mail fraud attack on the bank's customers. The mail [below] tries to trick NatWest customers to give away their account details in a similar fashion to an earlier wave of attacks on UK banks a month ago.

Conventionally, the drop sites for these attacks are hosted in Asia, however the ip address in this mail is registered to Pacific Bell, and is most plausibly a Pacific Bell ADSL customer machine acting as a reverse proxy to the actual machine collecting the Nat West customer banking details.

Dear Valued Customer, 

- Our new security system will help you to avoid
  frequently fraud transactions and to keep your 
  investments in safety.

- Due to technical update we recommend you to
  reactivate your account. 

Click on the link below to login and begin using
your updated NatWest account. 

To log into your account, please visit the NatWest Online Banking
Note that this url points to a host participating in the scam
https://www.nwolb.com/

If you have questions about your online statement,
please send us a Bank Mail or call us at 
0846 600 2323 (outside the UK dial +44 247 686 2063). 

We appreciate your business. It's truly our 
pleasure to serve you. 

NatWest Customer Care 

This email is for notification only. To contact us,
please log into your account and send a Bank Mail. 

% telnet 64.174.108.131 http
Trying 64.174.108.131...
Connected to 64.174.108.131.
Escape character is '^]'.
HEAD / HTTP/1.1
Host: 64.174.108.131


HTTP/1.1 200 OK
Date: Mon, 08 Dec 2003 13:27:18 GMT
Server: Apache-AdvancedExtranetServer/1.3.12 (Linux-Mandrake/30mdk) 
mod_ssl/2.6.6 OpenSSL/0.9.5a PHP/4.0.2
Last-Modified: Mon, 08 Dec 2003 01:54:27 GMT
ETag: "aae8-6ed-3fd3d9d3"
Accept-Ranges: bytes
Content-Length: 1773
Content-Type: text/html

Connection closed by foreign host.