Abbey National plc. Online Banking Alert

This one looks like a phising attempt, the email comes with an attached form where you are required to give your card / account info. First sign that this is a scam is the sender's email address.

Return-Path: <[email protected]>
Received: from compute2.internal (compute2.internal [10.202.2.42])
by store66m.internal (Cyrus v2.3.15-fmsvn20544-ebff1b04) with LMTPA;
Thu, 12 Nov 2009 09:04:36 -0500
X-Sieve: CMU Sieve 2.3
X-Spam-charsets: plain='Windows-1251'
X-Attached: Account Maintenance.htm
X-Resolved-to: [email protected]
X-Delivered-to: [email protected]
X-Mail-from: [email protected]
Received: from mx1.messagingengine.com ([10.202.2.200])
by compute2.internal (LMTPProxy); Thu, 12 Nov 2009 09:04:36 -0500
Received: from mail.samtv.ro (mail.samtv.ro [89.39.24.2])
by mx1.messagingengine.com (Postfix) with SMTP id A5D61135
for <[email protected]>; Thu, 12 Nov 2009 09:04:35 -0500 (EST)
Received: (qmail 24214 invoked from network); 12 Nov 2009 16:04:27 +0200
Received: from unknown (HELO User) ([email protected])
by mail.samtv.ro with SMTP; 12 Nov 2009 16:04:27 +0200
Reply-To: [email protected]
From: Abbey National plc.<[email protected]>
Subject: Abbey National plc. Online Banking Alert
Date: Thu, 12 Nov 2009 09:04:28 -0500
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="----=_NextPart_000_0066_01C2A9A6.4487E232"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
X-Truedomain-DKIM: None
X-Truedomain: Neutral
Message-ID: <[email protected]>

Dear Abbey National plc. Customer,


During our regularly scheduled account maintenance and verification procedure we have detected a
slight error in your online account.

This might be due to the following reasons:


1. A recent change in your personal information (ie. change of address, email address)

2. An inability to accurately verify your selected option of payment due to an internal
error within our systems.


If you did not make this email change/confirmation, please follow the instructions below,
phone lines are open 24 hours a day, 7 days a week.


To do this we have attached a form to this email. Please download the form and follow the
instructions on your screen. NOTE: The form needs to be opened in a modern browser which has
javascript enabled (ex: Internet Explorer 7, Firefox 3, Safari 3, Opera 9)


Regards,

Abbey Online Helpdesk

FIGHT ONLINE FRAUD

Please do not reply to this email address as it is not monitored and we will be unable to respond.

Attachments

Yes, this is a phishing attempt. Thanks for posting it David (and welcome to ScamWarners). Your bank will never contact you and ask you to verify personal information through email.

We don't really address phishing here at ScamWarners. The best way to deal with these emails is to forward them to the legitimate company they are impersonating, in this case, Abbey Bank. Please note that this email doesn't include a link to a phishing page/fake site so there may be something harmful in downloading the attachment or they may be simply trying to steal your personal information through the questions asked in the attachment.

And another one. This one is different but with the same purpose.

Re: Your Abbey Internet Banking Account Status

From:
"Abbey Bank National" <[email protected]> [Add]
To:

Date:
Thu, 3 Dec 2009 4:34 PM (4 hours 44 mins ago)


Return-Path: <[email protected]>
Received: from compute2.internal (compute2.internal [10.202.2.42])
by store66m.internal (Cyrus v2.3.15-fmsvn20771-f904b41c) with LMTPA;
Thu, 03 Dec 2009 10:34:20 -0500
X-Sieve: CMU Sieve 2.3
X-Spam-charsets:
X-Resolved-to:
X-Delivered-to:
X-Mail-from: [email protected]
Received: from mx3.messagingengine.com ([10.202.2.202])
by compute2.internal (LMTPProxy); Thu, 03 Dec 2009 10:34:20 -0500
Received: from joyful.micfo.com (unknown [64.120.76.138])
(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
(No client certificate requested)
by mx3.messagingengine.com (Postfix) with ESMTPS id C9CB3178
; Thu, 3 Dec 2009 10:34:19 -0500 (EST)
Received: from jplwebde by joyful.micfo.com with local (Exim 4.69)
(envelope-from <[email protected]>)
id 1NGDhB-0002Mi-HX
Thu, 03 Dec 2009 09:34:17 -0600
To:
Subject: Re: Your Abbey Internet Banking Account Status
X-PHP-Script: vudooshockey.net/Bears/10-10-09/index.php for 41.222.192.84
From: Abbey Bank National <[email protected]>
Reply-To:
MIME-Version: 1.0
Content-Type: text/html
Content-Transfer-Encoding: 8bit
Message-Id: <[email protected]>
Date: Thu, 03 Dec 2009 09:34:17 -0600
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - joyful.micfo.com
X-AntiAbuse: Original Domain - fastmail.fm
X-AntiAbuse: Originator/Caller UID/GID - [586 32004] / [47 12]
X-AntiAbuse: Sender Address Domain - joyful.micfo.com
X-Source: /usr/local/lsws/fcgi-bin/lsphp-5.2.11
X-Source-Args: lsphp5
X-Source-Dir: jeep-picture.com:/public_html/vudooshockey.net/Bears/10-10-09
X-Truedomain-SPF: None
X-Truedomain-DKIM: None
X-Truedomain: Neutral



Due to concerns for the safety and integrity of your Abbey account we have issued this warning message.
We have just completed a scheduled maintenance on our Online Banking system. In order to ensure your account
(s) are protected, kindly click on the " Login to my account " link below:

Login to my account
Thank You.
Abbey Security Team

I get that quite a lot,and I left them in 2003...another familiar one is HSBCmuch the same as Abbey,but Im not even a HSBC customer,nor is anyone I know!!

When they come in,before opening it,once you see who its from just delete it.