In this post I want to look at another couple of dodgy emails I’ve received recently, as I feel it’s important just to keep reminding people about them. Click here to see all of my scam email posts so far. I’ve also posted a video about them now as well, looking at these two emails and the previous ones I’ve mentioned here in the blog. So check that out as well in case it’s helpful.
The two emails in this instance are very similar, so it makes sense to deal with them together. There are white spaces instead of images, as my mail program has already recognised them as junk mail and disabled the images as a result, as they could have contained viruses. Images in emails are not proof of authenticity anyway, as it’s easy to add a photo of any logo of any organisation into any email, just by copying it.
Natwest Account Resolution Scam
From: Natwest (W927471@usm.edu)
Subject: NatWest Account Resolution Required
Upon intensive reviews on your profile. We have noticed that you need to resolve important security issues on your account to prevent temporal deactivation. It is therefore recommended that you complete this process. Your security is important to us.
Just go to [Link claiming to be Natwest] and follow the simple on-screen instructions. You can then start using our Online Banking services straight away – it’s that easy!
Managing Director, Digital
Metro Bank Account Verification Scam
From: Metro Bank (firstname.lastname@example.org)
Subject: Metro Bank Account Verification Required
We detected irregular activity on your Metro Account on 12 August 2017.
For your protection, you must verify this activity before you can continue using your account.
Please kindly click on the secure my Metro account online access below to get your account details secure from online fraud.
[Link claiming to be for Metro Bank’s online access]
Copyright Metro Bank Plc © 2017 – All rights reserved.
If you’ve read my previous scam email posts, then these things should be familiar to you.
The From Address in both emails comes from usm.edu, which is the University of Southern Mississippi, not a bank! That suggests either a couple of accounts at that institution have been hijacked by spammers to send out spam, or that the spammers have spoofed an address to make it look like it’s coming from there (though the former seems more likely).
The To Address is the same. My address is evidently on the BCC (Blind Carbon Copy) list, presumably with thousands of other people who have received the same email. People on the BCC list can’t be seen by any of the other recipients. But if the email was genuinely for me, my name would be in the To box, as I would be the only one getting it.
I am not addressed by name in the body text of the email – it’s simply “Dear Customer” or “Dear Client”. Again, if this was truly meant for me, my name would be there.
The grammar isn’t great. For instance, the first sentence of the Natwest email reads “Upon intensive reviews on your profile.” Although the text should clearly run on after that, the full stop there is in completely the wrong place, cutting the sentence off early. The phrase “temporal deactivation” doesn’t make sense either. It sounds more like something out of Doctor Who! “Temporary” instead of “temporal” would have at least made more sense.
And most importantly, the clickable links don’t go to the places you expect. In the Natwest email, the text displayed for the link says “www.nwolb.com” – which is a genuine Natwest site – but the actual address the link is pointing to is at “objektfenster.ch”, which is an obscure foreign site that has nothing to do with them. They’ve just made the link say “nwolb.com” to try and trick you into clicking it.
And for the Metro Link email, the text displayed tells you that it’s to secure your online access. But the actual address contains pestcontrolmaitland.com.au, which is clearly nonsense.
And it’s as simple as that really. As always, if you’re suspicious or uncertain about an email – e.g. if you see anything strange like the things I’ve mentioned above – then never click on any links in the email itself. Go to the organisation’s actual site, by using a bookmark you already have for them, or by using Google to search for them. Then you can use the contact details there. Chances are they’ll also be on Twitter and Facebook as well, so you can probably contact them that way too.
So that’s it. I hope you found this post interesting and useful, and please remember to stay safe as always. 🙂