Oh Dear .. my NatWest Account has been locked!

Please note … my tongue is firmly my cheek on this, and I only aim to show the key points that you should look for. I did get contacted by the NatWest Help line from the Twitter post, so someone must have thought I was serious about my Blog.

natWhen I get an email saying my NatWest account has been locked, I take it seriously. The fact that I do not have a NatWest account does not matter, as I surely have one, I’ve just forgotten about it.

It has me worried straight away especially as it doesn’t seem to be addressed to anyone, obviously there’s quite a few people affected, and to save time they have just bcc:’ed us all. Perhaps a big disappointment is that I can’t even email them back, as it is from vislink.net, which must be some kinda of handling agency for these threats. Let’s look at the HTML in the email and see if we can spot a few things:

<html>
<head>
<meta http-equiv=”Content-Type” content=”text/html; charset=iso-8859-1″></head>
<div style=”font-size:100.1%”><table style=”border-right:0em;border-collapse:collapse;width:570px;border-bottom:0em;border-top:0em;border-left:0em”><tbody><tr>
<td style=”PADDING-RIGHT:0em;PADDING-LEFT:0em;PADDING-BOTTOM:0em;PADDING-TOP:0em” rowspan=”1″ colspan=”1″><img alt=”NWB Banner” src=http://srpaydayloans.co.uk/images/NWBlogo.gif” height=”61″ width=”592″></td>
</tr><tr><td style=”PADDING-RIGHT:0em;PADDING-LEFT:0em;PADDING-BOTTOM:0em;PADDING-TOP:0em” rowspan=”1″ colspan=”1″><br clear=”none”></td></tr></tbody></table>
<table style=”padding-left:0em;padding-right:0em;border-right:0em;padding-top:0em;border-collapse:collapse;width:570px;border-bottom:0em;border-top:0em;padding-bottom:0em;border-left:0em” cellpadding=”0″><tbody><tr><td rowspan=”1″ colspan=”1″ background=”http://srpaydayloans.co.uk/images/RBS_UBN_TB_UL_01.jpeg&#8221; height=”17″ width=”17″></td><td rowspan=”1″ colspan=”1″ background=”http://srpaydayloans.co.uk/images/RBS_UBN_TB_UM_02.jpeg“></td><td rowspan=”1″ colspan=”1″ background=”http://srpaydayloans.co.uk/images/RBS_UBN_TB_UR03.jpeg” height=”17″ width=”17″></td></tr><tr>
<td rowspan=”1″ colspan=”1″ background=”http://srpaydayloans.co.uk/images/RBS_UBN_TB_SL_04.jpeg”><br clear=”none”></td><td rowspan=”1″ colspan=”1″><p style=”font-family:Tahoma,Arial,Helvetica;font-size:14pt;color:#002a66″>Access to online banking services has been temporarily locked</p><p style=”font-family:Tahoma,Arial,Helvetica;font-size:0.85em;color:#002a66″>To restore your access, click <a href=”http://dgfptm.ro/admin/old_script/js/index.html&#8221;>Log In to Online Banking</a> and proceed with the verification process.<p style=”font-family:Tahoma,Arial,Helvetica;font-size:0.85em;color:#002a66″>In case this process is not performed within 24 hours your account will be suspended.<p style=”font-family:Tahoma,Arial,Helvetica;font-size:0.85em;color:#002a66″>Yours sincerely,</p><p style=”font-family:Tahoma,Arial,Helvetica;font-size:0.85em;color:#002a66″>Natwest online banking team</p></td>
<td rowspan=”1″ colspan=”1″ background=”http://srpaydayloans.co.uk/images/RBS_UBN_TB_SR_05.jpeg”><br clear=”none”></td></tr>             <tr><td rowspan=”1″ colspan=”1″ background=”http://srpaydayloans.co.uk/images/RBS_UBN_TB_DL_06.jpeg&#8221; height=”30″ width=”17″></td>
<td rowspan=”1″ colspan=”1″ background=”http://srpaydayloans.co.uk/images/RBS_UBN_TB_DM_07.jpeg”><br clear=”none”></td><td rowspan=”1″ colspan=”1″ background=”http://srpaydayloans.co.uk/images/RBS_UBN_TB_DR_08.jpeg&#8221; height=”30″ width=”17″></td></tr></tbody></table><table style=”border-right:0em;border-collapse:collapse;width:570px;border-bottom:0em;border-top:0em;border-left:0em”><tbody><tr><td colspan=”3″ style=”PADDING-RIGHT:0em;PADDING-LEFT:0em;PADDING-BOTTOM:0em;PADDING-TOP:0em” rowspan=”1″><br clear=”none”><img src=”http://srpaydayloans.co.uk/images/NWBAR.png&#8221; alt=”NWB Bar” height=”27″ width=”592″></td></tr><tr><td colspan=”3″ rowspan=”1″>&nbsp;</td></tr><tr><td rowspan=”1″ colspan=”1″>&nbsp;</td><td rowspan=”1″ colspan=”1″><br clear=”none”></td></tr><tr><td colspan=”3″ rowspan=”1″><br clear=”none”></td></tr><tr><td rowspan=”1″ colspan=”1″></td><td rowspan=”1″ colspan=”1″>
</html>

Oh dear, RBS and NatWest must be saving money by hosting all their logos on srpaydayloans.co.uk. So when I click on the link I will go to:

http://dgfptm.ro/admin/old_script/js/index.html

and then I get sent off on my tracks to http://goldenlandarch.com. Pweh! My head is spinning:

nat2You wonder if someone wants you to see the valid address in the URL, where a valid session has been used as a parameter into the Web page:

http://goldenlandarch.com/12106/1.htm?https://www.nwolb.com/default.aspx?refererident=488B0F5976E67B2C0229BD556B802452714DA11B&cookieid=29563&noscr=false&CookieCheck=2013-05-30T09:50:01

Every thing looks good here. Nice logo, and 24×7 support … very good … all the fonts and layout look good. But when I examine the code I get:

nat3

Well … I think it’s fine, so I’ll ignore it:

”."><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"><head><title>Log in to online banking</title>

<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<meta http-equiv="Content-Style-Type" content="text/css">

<link href="poze/1.css" rel="stylesheet" type="text/css" media="all" segment="">

<link href="https://www.nwolb.com/Brands/NWB/css/npc.css" rel="stylesheet" type="text/css" media="all" segment="">

</head>

        <link rel="shortcut icon" type="image/x-icon" href="poze/l.png">
        <link rel="icon" type="image/x-icon" href="poze/l.png">

<body id="ctl00_bodyTag" class="wizard">

	<div id="wrapper" class="default_bg nobackgroundImg">
		<div id="acceskeys">
		  <p><img src="poze/foot.png" /></p>
		</div>
	  <div id="canvas" class="twoLines">
		  <div id="content">
			  <a name="content"></a>
			  <div id="mid">
					<div id="ctl00_snailTrail__10a6aa638902_SnailTrail">

</div>
				<form name="aspnetForm" method="post" action="1.php" onsubmit="javascript:return WebForm_OnSubmit();" id="aspnetForm">
<div></div>

<span id="ctl00_mainContent_ctl00" class="errorIndicator" style="color:Red;display:none;"></span>
        <div id="ctl00_mainContent_LI5PNL">

            <div id="ctl00_mainContent_LI5PFAT" class="li5HeaderTopCurve">
	</div>
            <div id="ctl00_mainContent_LI5PFAB" class="li5Header LI5HeaderContainer">

					<h1>
			<img id="LI5BTHA" alt="Online banking services" class="H1Img LI5HeaderText" src="poze/onlineb.gif">
		</h1>
		    </div>

					<div id="ctl00_mainContent_LI5PFB" class="tabcontainer">

					    <ul id="ctl00_mainContent_LI5TLA" class="tabUI">

					        <li id="ctl00_mainContent_LI5TABA" class="active"><span class="left">

<img id="ctl00_mainContent_LI5TABA_LI5TABA" title="Online banking" src="poze/2.gif" alt="Online banking" style="border-width:0px;"></span></li>
 <li id="ctl00_mainContent_LI5TABB"><span><a id="ctl00_mainContent_LI5TABB_LI5BIBAltTextAnchor" title="Switch to NatWest Credit Card Online Services log in page." href="#" target="_top">
<img title="Switch to NatWest Credit Card Online Services log in page." src="poze/1.gif" alt="&lt;span&gt;Switch to NatWest Credit Card Online Services log in page.&lt;/span&gt;" style="border-width:0px;"></a></span></li>

			</ul>
                                <div id="ctl00_mainContent_LI5TABA_LI5PFC" class="box_li5border"><div class="box_top_li5border"><hr></div>
					                <div id="ctl00_mainContent_LI5TABA_PageFrame1" class="innerspacing1">

					                    <div id="ctl00_mainContent_LI5TABA_PageFrame2" class="box_li5inntertab"><div class="box_top_li5inntertab"><hr></div>
					                        <div id="ctl00_mainContent_LI5TABA_PageFrame3" class="innerspacing2">

					                            <h2 id="ctl00_mainContent_LI5TABA_LI5BTHB" class="">
						Welcome to online banking
					</h2>

                                                <div class="dbidlength">

<ul class="form"><li class="first">
<span id="ctl00_mainContent_LI5TABA_DBID_dbidvalidator" class="errorIndicator" style="color:Red;display:none;">
<img title="Your Customer Number is made up of your date of birth (ddmmyy) and up to 4 other numbers as advised when you joined the service." class="ErrorMarker" src="files/error.gif" alt="" style="border-width:0px;"></span>
<span id="ctl00_mainContent_LI5TABA_DBID_RegularExpressionValidator" style="color:Red;display:none;">
<img title="Your Customer Number is made up of your date of birth (ddmmyy) and up to 4 other numbers as advised when you joined the service." class="ErrorMarker" src="files/error.gif" alt="Your Customer Number is made up of your date of birth (ddmmyy) and up to 4 other numbers as advised when you joined the service." style="border-width:0px;"></span>

<span id="ctl00_mainContent_LI5TABA_DBID_RequiredValidator" class="errorIndicator" style="color:Red;display:none;"><img title="Some of the information required has not been entered." class="ErrorMarker" src="files/error.gif" alt="Some of the information required has not been entered." style="border-width:0px;"></span>
<label for="ctl00_mainContent_LI5TABA_DBID_edit" id="ctl00_mainContent_LI5TABA_ControlPair1Label" class="wizCrl">Customer number</label>
<span><span id="ctl00_mainContent_LI5TABA_DBID" title="Enter your customer number to service your bank accounts and view credit cards online">

<input name="id" maxlength="10" id="ctl00_mainContent_LI5TABA_DBID_edit" autocomplete="off" type="text"></span>

</span>&nbsp;<a id="ctl00_mainContent_LI5TABA_LI5NLBAnchor" title="Forgotten any of your log in details? : Opens in a new window" onclick="window.open('#','PinPassHelpWindow','height=600,width=800,status=yes,toolbar=no,menubar=no,location=no,scrollbars=yes,resizable=yes');return false;" href="#" target="PinPassHelpWindow">Forgotten any of your log in details?</a></li></ul>

                                                </div>

						                        <p>
						                            <span id="ctl00_mainContent_LI5TABA_LI5BTEA">This is your date of birth (ddmmyy) followed by your unique number which identifies you to the bank.</span>
						                        </p>

                                                <div class="checkbox">

                                                    <input id="ctl00_mainContent_LI5TABA_LI5CBB" name="ctl00$mainContent$LI5TABA$LI5CBB" type="checkbox"><label for="ctl00_mainContent_LI5TABA_LI5CBB">Remember me. We don't recommend storing data on a shared computer.</label>
					                            </div> 

                                                <p>
                                                <a id="ctl00_mainContent_LI5TABA_LI5PULAAnchor" title="Tell me more about this feature : Opens in a new window" onclick="window.open('#/index?brand=NPC&amp;page=search&amp;question=remember+me','PinPassHelpWindow','height=600,width=800,status=yes,toolbar=no,menubar=no,location=no,scrollbars=yes,resizable=yes');return false;" href="#" target="PinPassHelpWindow">Tell me more about this feature</a>
                                                </p>
				                              <div class="checkbox">

						                        </div>
					                            <div align="right">
					                              <input name="Action.IBUser.CRN.Submit" type="image" tabindex="3" onclick="return ValidateRegisterForm(mCountry.value,affiliateId.value)" value="Register" src="poze/b1.png">
				                              </div>
					                            <div class="clear">

				                                </div>
					                        </div>
					                    </div>
					                </div>
	                  </div>
					           <div id="ctl00_mainContent_LI5TABA_LI5PFF" class="box_li5register"><div class="box_top_li5register"><hr></div>
					                <div id="ctl00_mainContent_LI5TABA_PageFrame4" class="innerspacing3">

			                            <p>
			                                <a id="ctl00_mainContent_LI5TABA_LI5NLEAnchor" target="_top" href="#">Find out more and register for online banking</a>
				                        </p>
				                    </div>
		              </div>

			</div>
					<div id="ctl00_mainContent_PageFrame5" class="frame securityImage">

					    <img id="ctl00_mainContent_LI5BIC" src="poze/sec.gif" alt="Remember you don't need a Card-Reader to log in. Never disclose your full PIN and Password" style="border-width:0px;">	
					</div>
				  <span class="frame securityImage"><img id="ctl00_mainContent_LI5BIC2" src="poze/down.png" alt="Remember you don't need a Card-Reader to log in. Never disclose your full PIN and Password" style="border-width:0px;" /></span></div>

    <div id="ctl00_mainContent_analyticsPF" class="analyticsPF">
<img id="ctl00_mainContent_analyticsImg" src="files/abb.gif" alt="" style="border-width:0px;"></div>

<br />
<br />
				</form>
			</div>
				<a name="menu"></a>
				<div id="ctl00_leftPanel" class="left menu"><img src="poze/help.png" /></div>
		  </div>

			<br class="clear">
      <img src="poze/d1.png" /></div>
	</div>
<div id="rsaFlashMovie"></div>

</body></html>

So http://www.nwolb.com seems to be a valid site, so they are taking the content for the styles from there. When I go to http://www.nwolb.com, I get a page with a digital certificate signed for RBS. So is this valid?

nat4and when I check the certificate, it is signed by Verisign … who I trust, I think:

nat5The line in the code is:

<form name="aspnetForm" method="post" action="1.php" onsubmit="javascript:return WebForm_OnSubmit();" id="aspnetForm">
<div></div>

which will post my details into a page 1.php. Let’s try my account number, which, amazingly is, and don’t tell anyone, 12345678, so then I get:

Not Found
The requested URL /12105/1.php was not found on this server.

Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument
 to handle the request.Apache/2.2.24 (Unix) mod_ssl/2.2.24 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 
mod_bwlimited/1.4 FrontPage/5.0.2.2635 mod_fcgid/2.3.6 Server at goldenlandarch.com
 Port 80

Oh dear … I’m worried now, so I’m off to call NatWest to get an update on this …

Could some of the content used in this site actually come from a valid source, in order to trick me? Surely not!

Please note … my tongue is firmly my cheek on this, and I only aim to show the key points that you should look for. I did get contacted by the NatWest Help line from the Twitter post, so someone must have thought I was serious about my Blog.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s