Zyra Front Page //// Internet //// Banks //// Finance //// Scams //// e-mails //// Crime-fighting links and anti-virus measures //// site indexSite Index

Bank Hoaxes by email

Part of the Rogues Gallery of Suspicious e-mails. Let's expose these ridiculous scam messages and warn people to avoid being caught out by such scams!

(You are reading this at a scam-busting website!)

It's important to know that banks do not send out email messages to "Dear Customer" asking you to confirm your security details. If you receive a message claiming to be from your bank, building society, insurance company, or from PayPal, telling you about some new security update, it is generally a hoax! The emails are most likely to be from crooks impersonating the bank and hoping to fool you into divulging your personal security data so they can steal your money!

Here are a few examples...

NatWest Bank Security Update:

----- Original Message -----
From: support@natwest.com
[your harvested email address]
Sent: Monday, December 08, 2003 9:44 PM
Subject: NatWest Bank Security Update

Natwest logo

Dear Valued Customer,

- Our new security system will help you to avoid
  frequently fraud transactions and to keep your
  investments in safety.

- Due to technical update we recommend you to
  reactivate your account.

Click on the link below to login and begin using
your updated NatWest account.

To log into your account, please visit the NatWest Online Banking
If you have questions about your online statement, please send us a Bank Mail or call us at 0846 600 2323 (outside the UK dial +44 247 686 2063). We appreciate your business. It's truly our pleasure to serve you.

NatWest Customer Care

This email is for notification only. To contact us, please log into your account and send a Bank Mail.

Definitely NOT from NatWest! Here's a similar one, this time pretending to be from Lloyds TSB

Lloyds TSB Security Server Update:

----- Original Message -----
[your harvested email address]
Sent: Sunday, January 20, 2002 8:10 AM
Subject: Security Server Update

Lloyds TSB Business logo

Dear Valued Customer,

- Our new security system will help you to avoid frequently fraud transactions and to keep your investments in safety.

- Due to technical update we recommend you to reactivate your account.

Click on the link below to login and begin using your updated Lloyds account.

To log into your account, please visit the Lloyds Online Banking

For business banking login here

If you have questions about your online statement,
please send us a Bank Mail or call us at
0846 600 2323 (outside the UK dial +44 247 686 2063).

We appreciate your business. It's truly our pleasure to serve you.

Lloyds Customer Care

This email is for notification only. To contact us,
please log into your account and send a Bank Mail.

As well as Lloyds TSB (bank) hoax email messages, there are also hoax messages pretending to be from Lloyds TSB Insurance - see Lloyds TSB Insurance Security email message. Typically, these messages claim to be from the SECURITY department, and often acknowledge the existence of hoax messages, as a kind of double-bluff. Well if they're that good at bluffing they should play Poker!

Incidentally, the links in these messages don't go to the banks, but somehow are spoof sites which mimic the official bank sites and try to steal your personal bank security details.

Another similar hoax message, this time pretending to be from the Halifax. Again, you should avoid being fooled by the genuine looking header, which the spoofers have simply copied, as they aren't exactly worried about copyright or trademark issues!:

----- Original Message -----
[everyone's Tiscali address]
Sent: Thursday, August 04, 2005 8:57 PM
Subject: Halifax Internet banking EmaiI Verification - [%To_Email] [Thu, 04 Aug 2005 16:54:36 -0300]

Halifax - Always giving you extra

Dear client of the Halifax Internet banking,

Technical services of the bank are carrying out a planned software upgrade
for the maximum convenience of the users of online-services of the Halifax Bank.
We earnestly ask you to visit the following link and to confirm your bank data:


This instruction has been sent to all bank customers and is obligatory
to follow.

Please do not answer to this email - follow the instructions given above.

Note the curious use of English, suggesting the sender is more likely to be from China than from Halifax! Plus, on careful inspection of the spoof message, the text was sent as an image, suggesting an attempt to get through various spam filters. Also note that the Halifax actually know their customers well enough to avoid addressing them as "Dear client of the Halifax Internet banking"!

Here's another bank hoax e-mail, this time faked up to look like it's supposed to be from Barclays Bank! As well as being sent to a harvested address, other things that give it away as a foolish scam message are the "Dear Barclays customer", the false premise, and the random dodgy text stuck on the end, (invisible to some systems, but not if you HIGHLIGHT it!)

----- Original Message -----
From: Barclays
Sent: Saturday, March 11, 2006 11:07 PM
Subject: URGENT SECURITY NOTICE [Sun, 12 Mar 2006 07:08:53 -0800]

They've used IMAGE AS TEXT which is also a bad practice
Surely they had seen what was coming. cleric bellatrix It began to move.

A couple of National Guard chopper-jockeys sent out as part of a random drug-control sweep (looking for back-country pot-farmers, in other words) had seen a sunflash on what remained of the Camaro's windshield and set down in a nearby clearing for a closer look. lions on either side of him. The third-floor apartment was vacant at the time of the fire. The cloud, he thought. Same M. "The axe came whistling down and buried itself in Paul Sheldon's left leg just above the ankle. He heard a light shuffle-scuffle and looked quickly in the corner, expecting to see the trooper crawling toward him,

If you'd like to visit the real Barclays Bank we have some links to the place! At the actual site you'll almost certainly be able to find some dire warnings about these bogus messages which might come in. Remember: If you have a bank account, the bank knows your name and account number, oh, and also they won't put a paragraph transplanted from a thriller novel on the end of official bank correspondence!

Here's another email, this time pretending to be from HSBC:


----- Original Message -----
Halifax plc
TradeDoubler address
Sent: Thursday, July 26, 2007 10:10 AM
Subject: You have 1 (new) security message alert(s)

HSBC The world's local bank

Online Banking alert,

Please note, that your Halifax online banking account is about to expire.
In order for it to remain active - please follow the link below to proceed and restore your account.

Continue using online banking.

Thank you for banking with us,

© HSBC Bank plc, Registered in England No. 114216. Registered Office: 8 Canada Square, London E14 5HQ
Copyright © 2007. All rights reserved.

(Some versions have slightly different text, for example: Access Suspended, To protect your accounts, we automatically suspend your online access when your sign in details have been entered incorrectly several times. To get back into the service, you can reset your details quickly and easily using our online reset process - just click the 'Continue' button below. Continue. Thank you for banking with us). Again not really from the bank, and the address is not the real bank address. A close inspection of http;//www,hsbc.co.uk.session52-en.us/1/2/personal/internet-banking/jsessionid=000LaRtPDWhNR7X4O/ reveals it is NOT www.hsbc.co.uk which is the destination but session52-en.us preceded by a subdomain!

NationwideThere's also one claiming to be from the Nationwide and asking you to Please Update Your Account. This is also a hoax, and the message did not originate from the Nationwide. The hoax message has been stuffed and mounted for you to examine. See Nationwide hoax message

Now, the Royal Bank of Scotland. During some of the months of 2007 this was an especially popular target for spam senders hoping to lure unsuspecting customers of the Royal Bank of Scotland into confirming their security details, a hoax of course!

----- Original Message -----
Royal Bank of Scotland
Circular (harvested address)
Sent: Tuesday, August 07, 2007 10:22 PM
Subject: The Royal Bank of Scotland customer service: important information! (mess_id: O9814630578698)

Royal Bank of Scotland Group

Dear Royal Bank of Scotland customer,

The Royal Bank of Scotland Customer Service requests you to complete Digital Banking Customer Confirmation Form (CCF).

This procedure is obligatory for all customers of the Royal Bank of Scotland.

Please select the hyperlink and visit the address listed to access Digital Banking Customer Confirmation Form (CCF).


Again, thank you for choosing the Royal Bank of Scotland for your business needs. We look forward to working with you.

***** Please do not respond to this email *****

This mail is generated by an automated service.

0x70, 0x6, 0x1383, 0x76, 0x76, 0x840, 0x7, 0x5, 0x08 type rev rev update WVIS 9EA YOH function include 1J2G: 0x04, 0x67666732, 0x513, 0x451, 0x18972110, 0x748, 0x4, 0x6433, 0x09, 0x40, 0x45 0x5, 0x19272349, 0x8, 0x25305478, 0x1, 0x3754, 0x401, 0x6, 0x69173826, 0x0, 0x87, 0x05 0x5625, 0x356, 0x2, 0x4179, 0x88, 0x581, 0x23799786, 0x2172, 0x6741, 0x064, 0x444 type: 0x85345844, 0x4, 0x67, 0x3996, 0x9, 0x41671632 R1S: 0x88144152, 0x301, 0x5, 0x6, 0x7773, 0x8963, 0x80, 0x7, 0x0, 0x779 0x77 file: 0x37372463, 0x3, 0x36, 0x293, 0x0, 0x059, 0x23950420, 0x5

type: 0x54233032, 0x6, 0x590, 0x7, 0x4, 0x396, 0x28, 0x194, 0x777, 0x6, 0x6, 0x5904 hex: 0x69156775, 0x35820631, 0x9737, 0x58, 0x58022221, 0x88763603, 0x04814260, 0x532 500: 0x72324390, 0x191, 0x9418, 0x3025, 0x06, 0x709, 0x056, 0x391 H8A8 function. 0x8, 0x011, 0x609, 0x43, 0x51808969, 0x3908 KSK: 0x3507, 0x0595

include: 0x4, 0x45, 0x1, 0x79, 0x5, 0x109 0x8290, 0x38844671, 0x80 0x4842, 0x5569, 0x05971717, 0x099, 0x59507553, 0x386, 0x390, 0x79998953 0NO: 0x5, 0x3, 0x188 function R8J 77YV WV0J 3KY dec0x47267176, 0x6, 0x1, 0x79491603 MW2: 0x62402452, 0x27, 0x869, 0x24, 0x4586, 0x74063978, 0x8331, 0x91, 0x556 0x3, 0x38701202, 0x3785, 0x2 close rcs 1D4 hex tmp define serv 8GA7 ALYP 0x0, 0x01

Again, the link was faked-up, so whereas it looked like it was going to http;//sessionid-16744,rbs.co.uk/customerdirectory/direct/ccf.aspx, it was in fact going to http;//sessionid-16744 .rbs.co.uk.hfie22.hk/customerdirectory/direct/ccf.aspx which is a subdomain within hfie22.hk in Hong Kong.

And here's an even more frightening message, this time pretending to be from US Bank. It is of course NOT from U.S. Bank at all, but from some hoaxer hoping to scare you into following a bogus link which would be unwise to say the least! It's a panicmail

----- Original Message -----
From: U.S. Bank
[harvested email address]
Sent: Monday, January 19, 2004 8:49 PM
Subject: Your account at U.S. Bank has been suspended.

Dear U.S. Bank account holder,

We regret to inform you, that we had to block your U.S. Bank account because we have been notified that your account may have been compromised by outside parties.

Our terms and conditions you agreed to state that your account must always be under your control or those you designate at all times. We have noticed some activity related to your account that indicates that other parties may have access and or control of your information in your account.

These parties have in the past been involved with money laundering, illegal drugs, terrorism and various Federal Title 18 violations. In order that you may access your account we must verify your identity by clicking on the link below.

Please be aware that until we can verify your identity no further access to your account will be allowed and we will have no other liability for your account or any transactions that may have occurred as a result of your failure to reactivate your account as instructed below.

Thank you for your time and consideration in this matter.


Before you reactivate your account, all payments have been frozen, and you will not be able to use your account in any way until we have verified your identity.

I tell you, I'd be worried if I thought the bank considered I'd been to such outrageous all-night rave events that my bank account had been "compromised by outside parties"! However, it's important to understand these messages aren't genuine, so be calm about it and don't get caught up in an epidemic of fear. In truth, bank accounts such as those at US Bank for example are sufficiently secure that a security problem like this would warrant more personal attention than "Dear (anonymous) account holder".

And how about this, pretending to be from PayPal? The attachment is a virus, so if you've opened it you should get some anti-virus software!


<attachment: www.paypal.com.scr> (virus)

----- Original Message -----
PayPal.com donotreply@paypal.com
[your email address here]
Sent: Tuesday, December 09, 2003 8:37 AM

Dear PayPal member,

PayPal would like to inform you about some important information regarding your PayPal account. This account, which is associated with the email address

[your email address here]

will be expiring within five business days. We apologize for any inconvenience that this may cause, but this is occurring because all of our customers are required to update their account settings with their personal information.

We are taking these actions because we are implementing a new security policy on our website to insure everyone's absolute privacy. To avoid any interruption in PayPal services then you will need to run the application that we have sent with this email (see attachment) and follow the instructions. Please do not send your personal information through email, as it will not be as secure.

IMPORTANT! If you do not update your information with our secure application within the next five business days then we will be forced to deactivate your account and you will not be able to use your PayPal account any longer. It is strongly recommended that you take a few minutes out of your busy day and complete this now.

DO NOT REPLY TO THIS MESSAGE VIA EMAIL! This mail is sent by an automated message system and the reply will not be received.

Thank you for using PayPal.

[random letters here to try to fool anti-spam filters]

Again, PayPal would know your actual ID and not need to say "Dear PayPal member". If you get any of this kind of stuff pretending to be from PayPal, you can tell them about it by sending to spoof@paypal.com and they'll thank you for it.

It's also currently suspected that spam email messages apparently from eBay are not actually from eBay, but are some kind of hoax like these bank hoaxes, and are sent to try to get you to divulge your personal security info! See eBay Spam

Rarely, in fact very rarely, do bank hoax phishing-attackers actually phone you, but it has been known to happen. You get a bank call and someone says they are the bank and they want you to confirm something. Beware! However, you can deal with this awkward situation by some sensible security measures, as detailed at the page Bank Call, which explains how easy these bank hoax callers are to rumble.

Also be careful if you receive an online bill from O2 as it's a similar hoax. Also beware of supposed messages from Tk Maxx and a similar Update Account message from Very and various other messages which are a Scam

With any of these, and with the Microsoft virus scam, the key feature is that the perpetrators are pretending to be someone you might trust in order to get one up on you, either by getting you to run a virus or to give away security information.

If it were a comedy movie, bank robbers might dupe people by disguising themselves as "Bank Security Team" or some such thing, and you'd laugh at how easy the on-screen customers fell for the joke and ended up with the bank robbers stealing the money, but this e-mail scenario is just as silly. So, don't be fooled by it!

Other warnings about scams and suspicious e-mails:

From Microsoft?

Worm Klez-E immunity tool

Yahoo Games Screensaver message

Mail Returned virus messages

Chain Letters

Pyramid Schemes



eBay spam email messages

AOL Final Warning

PanicMail - you are on a video on Youtube?!

Your O2 Bill

Tk Maxx credit card security

Co Op Bank Devoted Customer Reward

Lloyds TSB Insurance Security

Amazon sent this message - oh no they didn't!

Skype account blocked

Qualifications on Qualifications

Congratulations you have won the National Lottery

Also see ROGUES GALLERY PAGE 1 (including the Nigeria Scam) and ROGUES GALLERY PAGE 2

Extra note! Here's another PayPal scam!

URGENT: PayPal System Problems
Dear PayPal User,

Today we had some trouble with one of our computer systems. While the trouble appears to be minor, we are not taking any chances. We decided to take the troubled system offline and replace it with a new system. Unfortunately this caused us to lose some member data. Please follow the link below and log into your account to make sure your information is not affected. Account balances have not been affected.

Because of the inconvenience this causes we are giving all users that repair their missing data their next two incoming transfers for free! You will pay no fees for your next two incoming transfers*.
Thank you for using PayPal!

* - If fees would normally apply, you will not pay anything for the next two incoming transfers you receive.

PayPal Security

NEVER give your password to anyone and ONLY log in at PayPal's website. If anyone asks for your password, please follow the Security Tips instructions on the PayPal website.

Please do not reply to this e-mail. Mail sent to this address cannot be answered. For assistance, log in to your PayPal account and choose the "Help" link in the footer of any page.

(Strange that the tracker-pixels in this hoax e-mail are hosted at PayPal! This doesn't prove PayPal are sending the spam themselves, but will be a bit concerning if the URLs of the images remain the same!)