We have been made aware of some fake e-mails that appear to be from NatWest Bank. These are fake e-mails, that re direct you to malware. They seem to contain a link to the domain nwolb.com
The domain name is quite old, first registered in 1999, and is owned by NatWest (details here) But this is not the real domain you are going to ! read on…
The grammer is poor on the e-mail and as per the image below the text of the e-mail reads :-
For your security, We have been trying to contact you. However, we are unable to reach you. This is due to a slight detected in your account information.
To ensure the integrity of our online banking system & to protects all customers personal information & financial assets against unauthorised use at no cost. We have temporarily desable access to your account and certain features within our online banking system as a security measure.
To continue banking with us and to ensure that your service is not interrupted, we request you to confirm and update your account billing information & contact details with us immediately by following the reference button giving below.
When you look at the actual message source, you can see the image at the top comes from another domain and the actual link, points to another domain. The text says nwolb.com but the actual domain is bliss24services.com although the root of this domain checks out to be clean the actual full link address in this e-mail contains malware.
Below is a link to show the malware report for the full URL on the bliss24services.com domain.
The from address on the e-mail is also quite funny (see below)
Duncan is a technology professional with over 20 years experience of working in various IT roles. He has a interest in cyber security, and has a wide range of other skills in radio, electronics and telecommunications.