Making the Most of the Internet - Blog


Wednesday, October 17, 2007

Unusual Activity Detected In Your Account


I bank with Nationwide, but not on-line as I don't trust on-line banking.

Late last night I got 15 of these e-mails to my main e-mail addresses and another 88 to my spam trap. Spammers really ought to cut the number of times they send a message to an individual as multiple copies are always a giveaway. Look at the reputable companies that send you e-mail messages. How many times do they send the same message more than once? Not often.

All of these com from, which could be a valid e-mail address.

But it's still fraud.

Nationwide's Internet Banking,Due to concerns, for the safety and integrity of your Nationwide bank account we have issued this warning message.

It has come to our attention that your Nationwidewide account information needs to be updated as part of our continuing commitment to protect your account and to
reduce the instance of fraud on our website.

Due to this, You are requested to update your account information by following the link below:

Thank You.

I'm going to have a look at this one in more detail, as it could fool people, due to that feasible e-mail address.

But it leads you to, which is an address on

The owner of this URL: is :-

Xxxxx Xxx

Registrant's address:
Xxxxxx Xxxxxx
Xxxxx Xxxx

Compila Limited [Tag = COMPILA]

Relevant dates:
Registered on: 27-Jul-2006
Renewal date: 27-Jul-2008

Which looks totally feasible, and judging by the dates is nothing to do with illegal activity. Note that I have been contacted by the individual and have blanked his name out as a courtesy. He of course had nothing to do with the illegal activity from the site.

Go to the web site and the heading is "Hacked by McJony", so that says it all. Incidentally, my anti-phishing filter in Internet Explorer blocked access to the web site. So install it for your protection.

The crook has also used a URL of in another e-mail. This appears to be a legitimate web site for Caron Lopez.

The registration details are :-

Caron Lopez

Trading as:

Registrant type:
UK Sole Trader

Registrant's address:

Compila Limited [Tag = COMPILA]

Relevant dates:
Registered on: 19-Jun-2006
Renewal date: 19-Jun-2008
Last updated: 02-Nov-2006

Note that the registrant is the same as the and both domains were registered about the same time.

It I was Mr. Plod, then I'd banging on the door of Compila Ltd. They look very respectable from their web site, so I suspect that it's either a coincidence or a rogue employee, customer or someone else.

Will they? Of course not! The Police have much better things to do, like sitting in Police Stations filling in forms about their performance on behalf of a Government that wants to micro-manage us all.

So can we learn anything from this?

1. Use the anti-phishing filter in Internet Explorer.

2. If you are the owner of a domain name, make sure you have keep it with a company, who has a very good reputation.

3. Change your access passwords to the domain regularly.

But I suspect that even then, you wouldn't stop a determined crook.



Anonymous Anonymous said...

Only a total dickhead employee would run a phishing site from his workplace, particularly in the UK. Give people credit! Phising is mostly organised by criminal gangs out of Russia and Eastern Europe. A Phishing site pops up every second of the day, worldwide. If you do your research you'll find that most UK ISPs are affected most of the time. This has nothing to do with passwords; it is a simple matter of subverting commonly used php scripts. It is impractical for hosting companies to police therefore they are all "suseceptible" to greater or lesser degrees.

Saturday, February 21, 2009 6:46:00 pm  

Post a Comment

<< Home