20140120 A phisherman’s epic fail

I’m grateful to NatWest for telling me of a possible security breach relating to my “Credit Card Online Service” but there are a couple of factors that don’t quite hang true – aside from the basic one that, like most recipients of phishing mails, I don’t have an account with the target bank.

But most amusing is this: the breach that the email purports to tell me about hasn’t happened yet!

And one has to love the terrible English, even allowing for the terrible quality of English as she is mangled by my countrymen.

The mail arrived in my e-mail box at 07:16 UK time.


Subject: Credit Card Online Service Review Notification

Dear Valued Customer,

This is a short email to let you know that your Natwest Credit Card Online Service security details was recently changed on Monday, January 20, 2014 at 8:00: AM. Please confirm that this request was made by you.

Yes, I made this request.

No, I did not make this request.

Best wishes

David Wayne
Head of Credit Card


The phishing link, incidentally, is to an insecure directory in a WordPress instance installed at drackula.net. This particular weakness is widely exploited by criminals. It is probable that the owners of drackula.net have no idea their site is being used by criminals who have inserted a PHP file (probably a divert) in their system.

© 2014 Nigel Morris-Cotterill
All rights reserved


Like this content?