" Dear client of the National Westminster Bank, As the Technical service of the bank have been currently updating the software, "...

The terrible grammar should give this phishing scam away, but the forged web content is much more convincing...

A forged Nat West form is presented in one browser window while the genuine natwest.com page is presented in another. The forged page has been further scripted to open with the file, tool and address bars removed, thereby giving it an appearance of a pop up window, and with the genuine page served as a back drop, it could be incorrectly perceived to have been generated by the genuine page.

This, of-course, is not the case, and the URL of the bogus content - http://205.179.195.139:4903/n/confirm.htm - resolves to web space operated by DSL.Net in the USA. Any data submitted into this forged Nat West form is captured by a script located in the same web space.

If you have received this email, please remember that it is very common for these email scams to be redistributed at a later date with only slightly different content or the same but with the fake page(s) hosted by a different provider. Also, once you have received one of these hoaxes, it is also common place to receive at least another one and usually a day or two after the first, although not necessarily from the same apparent sender.

The Spoof Email ...

The bogus web page (which is presented in a pop up style window in front of the genuine natwest.com page) ...