Outline
Email purporting to be from the Royal Bank of Scotland (RBS) claims that the bank has noticed irregular activity on the recipient’s debit card. The recipient is instructed to click a link to answer verification questions.
Brief Analysis
The email is not from RBS. It is a phishing scam designed to trick customers into giving their bank login details and financial information to criminals.
Example
Subject: RBS – 1 New ALERT Message
Dear Valued Customer,
We noticed irregular activity on your RBS Debit
Card.
For your protection, You are required to pass the
verification questions correctly as the primary owner
before we can re-open your debit card for use.
We will review the activity on your account and remove
any restrictions placed on your account.
Click Here To Proceed To Your Account
Helpful Banking.
Our Regards
Security Legal Info© 2005-2013 The Royal Bank of Scotland plc
Detailed Analysis
This email, which claims to be an alert message from the Royal Bank of Scotland (RBS), warns that the bank has noticed irregular activity on the recipient’s RBS debit card.
The recipient is told that he or she must click a link to “pass the
verification questions correctly” so that the debit account can be reopened.
However, the email is not from RBS. It is a typical phishing scam designed to trick RBS customers into sending their personal and financial information to online criminals.
Those who fall for the ruse and comply with the instructions will be taken to a fake website designed to look like the genuine RBS login page.
After entering their login credentials on the fake page, they may be taken to a second form that asks for card details and other financial information. All of the information submitted can be collected by the scammers and used to hijack the victim’s RBS account and commit credit card fraud.
Phishing is a very common scam that targets customers of financial institutions all around the world. Be wary of any message that claims that you must click a link or open an attached file to rectify an account issue or verify your identity. This is a very common phishing ploy.
It is always safest to login to all of your online accounts by entering the address into your browser’s address bar rather than by clicking a link in an unsolicited email.
You can report suspicious emails claiming to be from RBS via the reporting details listed on the bank’s website.