
RBS ‘Latest Statement Available’ Phishing Scam

by Brett M. Christensen

Outline

Email purporting to be from the Royal Bank of Scotland (RBS) advises recipients that their latest statement and pre-advice of interest & charges are available for viewing online.

Brief Analysis

The email is not from RBS. It is a phishing scam designed to trick RBS customers into giving their account login and email account details to criminals. Once they have gained this information, the criminals can access the real RBS accounts and use them to steal funds and conduct fraudulent transactions. They can also hijack email accounts belonging to victims and use them to launch spam and scam campaigns.

Example

Subject: Your latest statement and pre-advice of interest & charges is available online

Dear Customer,

Your latest statement and pre-advice of interest & charges for your credit card is ready for you online now. Just click on rbscardservices.co.uk and see more information on your credit card.

If you need more help in understanding your statement, visit our statement. just click on rbs.co.uk/yourstatement

With your online banking remember you can also
• Make payments quickly and easily
• Move money between accounts instantly
• Search transactions to find what you need quickly
• View, download and print PDFs of all your bank statements for the past 7 years
We’re here to help when you need it
• Our online banking Help 24×7 is available to answer your questions
• If you need more help please contact us
• Our staff are ready to help at your local branch
Also, just below you’ll find details about the Financial Services Compensation Scheme (FSCS) rules and how these protect the money you have deposited with us.

Yours sincerely

Chris Popple
Managing Director, Retail Banking


Detailed Analysis

Like other banks, the Royal Bank of Scotland is regularly targeted by phishing scammers. Many of the scam attempts claim that there is a problem with the customer’s account that needs to be rectified or that account details must be updated. These emails generally convey a sense of urgency and instruct users to click a link or open an attached file to rectify the supposed issue.

The version I am discussing here takes a different approach. It advises recipients that their online statement and pre-advice of interest & charges is ready to view online. The email is designed to look like an official RBS notification and comes complete with the RBS logo. It contains several links, all of which open a bogus website that has been created to emulate a genuine RBS login page.
Since banks often do send emails notifying customers that an online statement has been issued, this tactic may be quite an effective method of tricking users into clicking the links.

Those who do follow one of the scam links in the hope of viewing their statement will first be asked to enter the account username and then click the ‘login’ button. Next, they will be taken to a second fake page that asks for their RBS Internet PIN and password as well as their email address and email password. Clicking the ‘Next’ button will take users back to the genuine RBS home page.

Meanwhile, the scammers can collect the information submitted on the fake forms and use it to gain access to the real RBS accounts belonging to their victims. They can use the hijacked accounts to transfer funds and conduct other fraudulent transactions in the names of their victims. They can also hijack email accounts belonging to their victims and use them to send out further scam and spam emails.

While banks may well send customers notifications about new online bank statements, they generally will not include direct links in these messages.

It is always safest to log in to your online accounts by entering the account address into your browser’s address bar or via the account’s official app.
