It is getting to the time of year when we start thinking about Christmas after having summer holidays. You have spent up to your limit on the credit cards and are wondering how to pay they bills until the next pay cheque arrives, when what looks like a miracle happens. An email arrives apparently from Nat West Bank that offers you £60 for filling in a Natwest value your opinions survey. Woo Hoo, you think, That will pay my grocery bill for the rest of the month, lets give it a go. Sorry to disappoint you folks but it is a scam and is a phishing fraud designed to steal your bank and credit card details.
The email says something like this:
Natwest value your opinions
You were chosen by chance to participate in a short and easy survey. NatWest offers a bonus of 60 Pounds in exchange for 5 minutes spent on our website and complete the survey. Please follow the website to complete survey
This one wants your personal details and your credit card and bank details. Many of them are also designed to specifically steal your email, facebook and other social network log in details.
Please read our How to protect yourselves page for simple, sensible advice on how to avoid being infected by this sort of socially engineered malware.
The original email looks like the words above, and of course at this time of year ( or anytime of year) we all need a few extra pennies and the offer of a £60 from Natwest for filling in a Natwest value your opinions survey is always welcome. It will NEVER be a genuine email from Natwest or any other bank, so don’t ever fill in the webpage form that is at the end of the email link or comes attached to the email.
If you follow the link you see a webpage looking likeThis: ( reduced in size to fit in one screen shot)
All of these emails use Social engineering tricks to persuade you to open the attachments that come with the email. Whether it is a message saying “look at this picture of me I took last night” and it appears to come from a friend or is more targeted at somebody who regularly is likely to receive PDF attachments or Word .doc attachments or any other common file that you use every day. Or whether it is a straight forward attempt, like this one, to steal your personal, bank, credit card or email and social networking log in details. Be very careful when unzipping them and make sure you have “show known file extensions enabled“, And then look carefully at the unzipped file. If it says .EXE then it is a problem and should not be run or opened.