Banking fraud targets National Westminster customers
8th December, 2003
NatWest's internet banking site, www.nwolb.com, has been unavailable today, coinciding with an e-mail fraud attack on the bank's customers.
The mail [below] tries to trick NatWest customers into giving away their account details, in a similar fashion to an earlier wave of attacks on UK banks a month ago.
Conventionally, the drop sites for these attacks are hosted in Asia. However, the IP address in this mail is registered to Pacific Bell, and is most plausibly a Pacific Bell ADSL customer machine acting as a reverse proxy to the actual machine collecting the NatWest customer banking details.

Dear Valued Customer,

- Our new security system will help you to avoid frequently fraud transactions and to keep your investments in safety.
- Due to technical update we recommend you to reactivate your account.

Click on the link below to login and begin using your updated NatWest account.

To log into your account, please visit the NatWest Online Banking
[Note that this URL points to a host participating in the scam]
https://www.nwolb.com/

If you have questions about your online statement, please send us a Bank Mail or call us at 0846 600 2323 (outside the UK dial +44 247 686 2063).

We appreciate your business. It's truly our pleasure to serve you.

NatWest Customer Care

This email is for notification only. To contact us, please log into your account and send a Bank Mail.

% telnet 64.174.108.131 http
Trying 64.174.108.131...
Connected to 64.174.108.131.
Escape character is '^]'.
HEAD / HTTP/1.1
Host: 64.174.108.131

HTTP/1.1 200 OK
Date: Mon, 08 Dec 2003 13:27:18 GMT
Server: Apache-AdvancedExtranetServer/1.3.12 (Linux-Mandrake/30mdk) mod_ssl/2.6.6 OpenSSL/0.9.5a PHP/4.0.2
Last-Modified: Mon, 08 Dec 2003 01:54:27 GMT
ETag: "aae8-6ed-3fd3d9d3"
Accept-Ranges: bytes
Content-Length: 1773
Content-Type: text/html

Connection closed by foreign host.

Posted in Security