Fake message claims failure to process incoming payment

Apr 16, 2015 15:16 GMT

Cybercriminals never rest, and bank customers are always in their sights. In a new phishing campaign, they target NatWest Bank customers in an attempt to steal the login credentials for their online accounts.

The message is simple and claims that an incoming payment cannot be processed because of undisclosed errors related to account information.

To solve the issues, the recipient is asked to log into the account via a provided link and fill in the forms available on the web page.

Phishing website was hosted in Russia

Since it’s about money being received, many users may be tempted to rush to the log-in URL and provide the necessary data. However, the page is set up to collect the information and deliver it to the cybercriminals.

It is unclear what data is requested by the fake website, but in most cases, the crooks make sure to capture everything needed to at least make online purchases in the name of the victim: the name as it appears on the card, the card number, the CVV (card verification value), and the expiration date of the payment instrument.

According to MillerSmiles, the web server hosting the malicious site is located in Saint Petersburg, Russia, and the reply email address is inf@nmt[.]com, which has nothing to do with NatWest Bank.

Data from many victims can be collected in the short while the web page is active

Despite this type of phishing being quite common, some users still fall for the trick and access the fraudulent page, sometimes ending up with a negative balance on their credit card.

Phishing websites have a lifespan of just a few hours, as was the case with this one, because they are quickly spotted via detection mechanisms and user reports. On the other hand, such a site can claim plenty of victims in the short period it is active.

One should remember that banks do not ask for sensitive financial information via email, and if errors occur, they invite customers to their offices to remedy the problem.