The fake NatWest customer satisfaction survey is currently flooding UK inboxes and comes from an e-mail address which resembles the authentic NatWest address. In a twist from past fraud campaigns, the scammers use the promise of a reward as bait, instead of a warning to urgently change passwords.
NatWest clients are told they have won a £100 gift certificate, which they will receive after completing a form. Clicking on the link included in the message takes users to a phishing page that asks for usernames and passwords. By giving away their credentials, and then their banking and credit card details to receive the reward, clients fall victim to credit card fraud or identity theft.
“Bank phishing is successful because it deals directly with the subject of cash – a subject that creates panic, joy or other strong emotions in users’ minds,” said Bitdefender Chief Security Strategist Catalin Cosoi. “An attack such as this one can spread like wildfire through a spam campaign. When users read they have won a reward or they will have their accounts deleted in 24 hours, many forget caution, and hastily give away personal details.”
To stay safe from phishing attacks, users shouldn’t click on links allegedly e-mailed from their bank or give away information until they check it’s a secured web page of the authentic financial institution.