Scam email example - Instructive case study

Beware Virus-man - he’s out to get you!

Virus emails - speak of the devil


You’ll remember my last blog? You don’t? Well - better check it out - right here.

The blog was a warning about the dangers of the Evil Phisherman - how to avoid being caught out by phishing emails. I promised you that the next blog would be about Email Viruses. Speak of the devil - just this morning, I received just such an email.

And here it is - in all its evil glory

scam email example



It looks pretty convincing - certainly at first glance. Everything is there that you’d expect. The NatWest branding and strapline, along with numerous references to security. In fact, it really is rather good, until … you look at it more closely. With just a little careful examination, familiar warning signs keep popping up.


Let’s look again -

scam email mistakes

Now let’s look at these danger signals in turn -

  1. The domain name - @natwestmessage.com. Let’s see what the WhoIs Lookup website says...

    domain whois screenshot

    Well now - isn’t that interesting? The domain name was only registered on the 28th March! Just a few days ago. For a banking brand with NatWest’s global status, don’t you find that a trifle odd, or possibly suspicious? Let’s look at item no. 2 …

  2. The attachment. There’s something you need to know. Banks NEVER send an attachment when the content is confidential. Why’s that? Well - password cracking software is easy to download and to use. So, it would be easy for someone with malicious intent to access a password protected document.

  3. No greeting. Just as with phishing emails, discussed in the last blog, the lack of a personalised greeting is most odd and suspicious. A genuine email will always begin with Dear your name.

  4. Bad Grammar. Look at that comma. There’s a space between it and the preceding word. We all know that’s not right. Do you think NatWest would send out an email with a glaring mistake like that? And it’s exactly the same with …

  5. The expiry date. Really? March 02, 2017? Nearly 13 months before the date of the email itself? I don’t think so!

I’m sure you’ve come to the same conclusion as me. This email is like corked wine. It should be avoided … or you might regret the consequences.


Latest Tips

We use cookies, which are placed on your computer or other device. By using this site, you agree to such cookies being used. To find out more please see our cookies policy.