9252). Nationwide Building Society - HTML.Phishing.Bank-650
This email targets customers of Nationwide Building Society.
Message Details
| Malware Name: | HTML.Phishing.Bank-650 |
| Origin: |  United Kingdom |
| Date first seen: | 09/08/2006 04:22:32 |
| From: | "service@nationwide.com" <service@nationwide.com> |
| Subject: | Nationwide Online Banking services suspension |
Attacker's URLs
The following table shows the details of the URLs used by the attacker. These could either be the fake website of the attack, or a site which redirects to the attackers fake site. Sometimes the attacker will use an additional site for hosting resources such as images.
The table shows the current status of the site: if it is still reachable (
), or if it has been shut down (
). If the site has not been confirmed as a phishing site it is shown with the symbol 
. The time when the site was first observed is shown, together with the time that the site was shut down, if applicable. Do not visit the attackers site as it may contain malware. You can get more details on the site by clicking on the 
symbol.
| Status | First observed | Shut Down | Internet Address | URL | |
|---|---|---|---|---|---|
|
15/08/2006 13:25:31 | 24/09/2006 21:17:28 |  81.196.20.134 |
http://www.olb2.nationet.com.go.ro/NWlogo.gif | |
|
15/08/2006 13:25:31 | 24/09/2006 21:17:28 | 81.196.20.134 |
http://www.olb2.nationet.com.go.ro/proud.gif | |
|
09/08/2006 04:30:59 |  216.39.58.65 |
http://bestproctorgroup.com/redirect.htm | |
|
|
15/08/2006 13:25:30 | 19/08/2006 00:16:11 | 216.31.198.89 |
http://www.fsa.gov.uk/register/ | |
Message Text
The text below shows the message content, rendered in a safe way. It does not show images or HTML formatting, but the text is the same as that contained in the phishing email. Each clickable link is shown as a reference. You can see the way the URL is presented in the main body of the text, while the actual URL activated by the link is shown below the main body.
[NWlogo.gif] [proud.gif]
WARNING! Your online banking is temporarily suspended.
Dear Nationwide Customer,
Nationwide Building Society is always looking forward to the highest
security of our clients. Some customers have been receiving emails claiming
being from Nationwide Building Society advising them to follow a link to
what appears to be a Nationwide's website, where they are prompted to enter
their personal online banking details. Nationwide is no way involved with
these emails and the website does not belong to us.
For your security and protection we have temporarily suspended your online
banking access untill we are able to validate yourself as a genuine
Nationwide customer. In order to re-activate your online banking you will
only need to sign on to your online banking services through our new secured
SSL servers at:
[1]https://olb2.nationet.com
Please note this is a one time verification and no further actions are
required from yourself.
*IMPORTANT*
Nationwide will never ask you for your memorable data or pass number in an
e-mail. Never disclose this information to anyone.
For security reasons, when you have finished using Internet Banking always
select SIGN OFF.
If you have opted not to receive paper statements it is good practice to
regularly check your statement online.
Thank you for your prompt attention to this matter and thank you for using
Nationwide Building Society!
This email is intended for Nationwide Building Society customers. ©
Nationwide Building Society. Nationwide is a registered trademark of
Nationwide Building Society. Nationwide Building Society, Nationwide Life
Limited and Nationwide Unit Trust Managers Limited represent only the
Nationwide Marketing Group which is authorised and regulated by the
Financial Services Authority for life assurance, pensions, unit trusts,
insurance and regulated mortgages. They are entered in the Financial
Services Authority's Register and their Register Numbers are 106078, 177850
and 177793. For more information you may visit [2]www.fsa.gov.uk/register/ .
Nationwide Building Society, Head Office, Nationwide House, Pipers Way,
Swindon SN38 1NW.
References
1. http://bestproctorgroup.com/redirect.htm
2. http://www.fsa.gov.uk/register/