Cybercriminals are trying to trick Royal Bank of Scotland (RBS) customers into handing over their personal and financial information by sending out phishing emails that carry the subject line “Your latest statement and pre-advice of interest & charges is available online.”
“Your latest statement and pre-advice of interest & charges for your credit card is ready for you online now. Just click on rbscardservices.co.uk and see more information on your credit card. If you need more help in understanding your statement, visit our statement. Just click on rbs.co.uk/yourstatement,” the emails read.
The fake messages are well designed – they carry the RBS logo and they’re relatively well written. They purport to come from Chris Popple, the bank’s head of digital. It’s worth noting that Popple really is an RBS managing director, the name is not made up by the fraudsters.
However, Hoax Slayer warns that the links from the bogus notifications don’t point to the genuine RBS website, but to a phishing site that’s been set up to mimic the bank’s login page.
Victims are asked to hand over their username, PIN, password, email address and email account password. After the information is submitted, users are taken to the genuine RBS website.
If you’re a victim of this scam, change all your passwords immediately. You might also want to keep a close eye on your bank account since the cybercriminals could try to initiate fraudulent transactions.
The phishers can also try to sell the stolen information on underground markets and let others do the actual dirty work.
When accessing your RBS online account, always make sure that you’re on the legitimate website, which is secured with an SSL certificate that ensures all your data is transmitted safely.