Scam Emails – Natwest & Metro Bank


In this post I want to look at another couple of dodgy emails I’ve received recently, as I feel it’s important just to keep reminding people about them. Click here to see all of my scam email posts so far. I’ve also posted a video about them now as well, looking at these two emails and the previous ones I’ve mentioned here in the blog. So check that out as well in case it’s helpful.

The two emails in this instance are very similar, so it makes sense to deal with them together. There are white spaces instead of images, as my mail program has already recognised them as junk mail and disabled the images as a result, as they could have contained viruses. Images in emails are not proof of authenticity anyway, as it’s easy to add a photo of any logo of any organisation into any email, just by copying it.

Natwest Account Resolution Scam

Scam email pretending to be from Natwest

From: Natwest (W927471@usm.edu)

To: W927471@usm.edu

Subject: NatWest Account Resolution Required

Dear Customer

Upon intensive reviews on your profile. We have noticed that you need to resolve important security issues on your account to prevent temporal deactivation. It is therefore recommended that you complete this process. Your security is important to us.

Just go to [Link claiming to be Natwest] and follow the simple on-screen instructions. You can then start using our Online Banking services straight away – it’s that easy!

Yours sincerely

Chris Popple

Managing Director, Digital

Metro Bank Account Verification Scam

Scam email pretending to be from Metro Bank

From: Metro Bank (w944823@usm.edu)

To: w944823@usm.edu

Subject: Metro Bank Account Verification Required

Dear Client,

We detected irregular activity on your Metro Account on 12 August 2017.

For your protection, you must verify this activity before you can continue using your account.

Please kindly click on the secure my Metro account online access below to get your account details secure from online fraud.

[Link claiming to be for Metro Bank’s online access]

Best Regards,

Copyright Metro  Bank Plc © 2017 – All rights reserved.

Suspicious Signs

If you’ve read my previous scam email posts, then these things should be familiar to you.

The From Address in both emails comes from usm.edu, which is the University of Southern Mississippi, not a bank! That suggests either a couple of accounts at that institution have been hijacked by spammers to send out spam, or that the spammers have spoofed an address to make it look like it’s coming from there (though the former seems more likely).

The To Address is the same. My address is evidently on the BCC (Blind Carbon Copy) list, presumably with thousands of other people who have received the same email. People on the BCC list can’t be seen by any of the other recipients. But if the email was genuinely for me, my name would be in the To box, as I would be the only one getting it.

I am not addressed by name in the body text of the email – it’s simply “Dear Customer” or “Dear Client”. Again, if this was truly meant for me, my name would be there.

The grammar isn’t great. For instance, the first sentence of the Natwest email reads “Upon intensive reviews on your profile.” Although the text should clearly run on after that, the full stop there is in completely the wrong place, cutting the sentence off early. The phrase “temporal deactivation” doesn’t make sense either. It sounds more like something out of Doctor Who! “Temporary” instead of “temporal” would have at least made more sense.

And most importantly, the clickable links don’t go to the places you expect. In the Natwest email, the text displayed for the link says “www.nwolb.com” – which is a genuine Natwest site – but the actual address the link is pointing to is at “objektfenster.ch”, which is an obscure foreign site that has nothing to do with them. They’ve just made the link say “nwolb.com” to try and trick you into clicking it.

Link in email pretending to be from Natwest, going to objekt fenster.ch

And for the Metro Link email, the text displayed tells you that it’s to secure your online access. But the actual address contains pestcontrolmaitland.com.au, which is clearly nonsense.

Metro Bank Scam Email Link

And it’s as simple as that really. As always, if you’re suspicious or uncertain about an email – e.g. if you see anything strange like the things I’ve mentioned above – then never click on any links in the email itself. Go to the organisation’s actual site, by using a bookmark you already have for them, or by using Google to search for them. Then you can use the contact details there. Chances are they’ll also be on Twitter and Facebook as well, so you can probably contact them that way too.

So that’s it. I hope you found this post interesting and useful, and please remember to stay safe as always. 🙂

Author: Glen

Love London, love a laugh, love life. Visually impaired blogger & Youtuber with aniridia & nystagmus, posting about my experiences & adventures.

2 thoughts on “Scam Emails – Natwest & Metro Bank”

  1. Hi ..
    Today I revived a text message claiming to be metro bank (I don’t bank with them I thought it was weird)…
    But silly me I clicked on the link ..I didn’t type anything in where it was asking me to do so.
    I didn’t no what it was that’s why I clicked on the link….whatvshall I do now?

    Like

    1. You should be fine, because you didn’t submit any information. That’s what they’re after, so it’s great that you noticed it was wrong and stopped there. But if you’ve got up to date antivirus software installed, there would be no harm giving your computer a thorough scan with it, just to be safe. 🙂

      Like

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s