This seems like a scam?

We have a self catering property in the UK and have taken a reservation from a family from the Netherlands. All seems above board, emails using a company email address and we can see their website. All emails in very good English, website also has an English version. We've received the completed booking form, but then they emailed again to say they have hit a problem. They say they had tried to send the deposit but OUR bank has asked their bank to confirm the following details about US.

"Name Fully written.
Place of birth
Nationality
Male or female of account holder"

This sounded strange, we contacted our bank who said they would not ask for those details. Just account name, IBAN and BIC. We advised the potential guests of this. We then received an email which appears to come from their bank repeating this request. It smells like a scam?

This is the email header from the bank:
Received: by xxxxxxxxxx with SMTP id xxxxxxx;
Fri, 14 Oct 2011 07:27:11 -0700 (PDT)
Received: by xxxxxx with SMTP id xxxxxxxxx;
Fri, 14 Oct 2011 07:27:08 -0700 (PDT)
Return-Path: <[email protected]>
Received: from RNmail1.rabobank.nl (rnmail1.rabobank.nl. [145.72.104.194])
by mx.google.com with ESMTPS id 3si6240669wbw.70.2011.10.14.07.27.08
(version=TLSv1/SSLv3 cipher=OTHER);
Fri, 14 Oct 2011 07:27:08 -0700 (PDT)
Received-SPF: pass (google.com: domain of [email protected] designates 145.72.104.194 as permitted sender) client-ip=145.72.104.194;
Authentication-Results: mx.google.com; spf=pass (google.com: domain of [email protected] designates 145.72.104.194 as permitted sender) [email protected]; dkim=pass [email protected]
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple;
d=rabobank.nl; [email protected];
q=dns/txt; s=dkim; t=1318602428; x=1350138428;
h=from:to:subject:date:message-id:in-reply-to:mime-version:
content-transfer-encoding;
bh=hKt5BZl+IaBF9ptmMCDNwq/ff2guDF1Idk9cuEh8q+c=;
b=aAcJyJiwvbW0yxrqXsgU0SCCsErRJ6Gymvg7JUS0JSihKSfXjcNwr7Ty
12rJjGP6iiDmHpQ0L0usywxCE7uvGBuFWiZCIugmIW33jweWhgrXsGYiY
MCqFEJFVYAPdUFk;
From: <[email protected]>
To: <xxxxxx>
Subject: Booking Form
Thread-Topic: - Booking Form
Thread-Index: Acx66fOcjpb3Ge+aRb+hpuof+y7nGAADj70gAFp4mRAAAkSx0AAsGKaAAox+KbAAmZeQIAAEgeWwAAli5SAAGkSHwAAB4lpQAATzkwAAAtKnEAAAbs7w
Date: Fri, 14 Oct 2011 14:26:27 +0000
Message-ID: <[email protected]>
In-Reply-To: <1F1AFEBF0A100540B7012AC189899DDE1952C929FB@MAIL3004.rabobank.corp>
Accept-Language: nl-NL, en-US
Content-Language: nl-NL
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [145.72.68.57]
Content-Type: multipart/alternative;
boundary="_000_0FF5510AE078B841AB4C39028495D05002AADCMAIL2014rabobankc_"
MIME-Version: 1.0
Return-Path: [email protected]
X-OriginalArrivalTime: 14 Oct 2011 14:26:28.0574 (UTC) FILETIME=[42F417E0:01CC8A7D]

Email was signed:


Goedemiddag Joyce van Es-van Diermen,


Zie onderstaande e-mail met de gevraagde gegevens.

Ik hoop dat de betaling nu rond komt.

The IP Address in the email belongs to the bank [145.72.68.57] and the domain name is present on the Whois too, so it is an odd one.

If your bank have already said they would not ask for those details, I would take a copy of your correspondence to the bank and ask them for assistance just in case something is not in order. If they have attempted to send a deposit then there should be a record of it.

I also agree that any financial institution asking for place of birth and nationality for a transfer is idiotic.

haven't checked the WHOIS - but there's much more about this 'booking' that is very odd. i'm in touch with the sender through a different forum of owners of holiday rentals and B&B's. i suggested she'd post this particular mail (one of a few she received) here at scamwarners.

my concern is that the IP you give, belongs to a rather strange company name, mentioned somewhere just above that IP-adress, namely xxxxxxxRABOBANK.CORP - which was googled by me, and came back as: 'are you perhaps looking for rabobank.com?'

rabobank does have an international IP-adress: RABOBANK.COM

the mail(s) from [email protected] could be 'composed' through cutting and pasting as the receiver thinks. i carefully analyzed the dutch language used, and found typo's and a gramatical error - from a BANK??? - in a 'disclaimer' that comes no way near the one on the official rabobank-site.

the guest booked under a rather suspicious name as well, and no hits at all on that name came up through google. which is odd - the netherland's people are 99,9 % traceable as i know myself, googling for info for my B&B-booking requests.

it might all be explained, who knows.

my concern is that the IP you give, belongs to a rather strange company name, mentioned somewhere just above that IP-adress, namely xxxxxxxRABOBANK.CORP - which was googled by me, and came back as: 'are you perhaps looking for rabobank.com?'

rabobank does have an international IP-adress: RABOBANK.COM

the mail(s) from [email protected] could be 'composed' through cutting and pasting as the receiver thinks. i carefully analyzed the dutch language used, and found typo's and a gramatical error - from a BANK??? - in a 'disclaimer' that comes no way near the one on the official rabobank-site.

I agree that there seems to be some inconsistencies between the foresic information in the header and the actual text of the email. Bear in mind that email headers can be spoofed, but the header you have displayed would be a darn good one, and I do not believe it is a fake. The reply address goes to "rabobank.nl", which is quite correct.

Rabobank is quite real. Please check this Wikipedia entry for information about this Dutch Bank [link]. Right at the bottom are links to the various domains around the world owned by the bank itself, including the .com and .nl variants.

The .CORP you pulled from the header only means something internally to the IT services of the bank. It is not a domain name and could just as easily say "fred.bloggs". I don't pretend to know everything about the technicalities of email headers, mail servers or the way they can be set up, but based on a number of years of reading headers, what you have posted looks perfectly ok to me.

This is the reason I suggested going back to your bank for help. They will be able to contact the Dutch bank through official channels to try and sort it out for you.

It may be a simple error, or perhaps a miscommunication within the banking process, but as there is no immediate indication of a scam in progress, going to your bank would seem to be the most appropriate course of action.

i wrote this post as 'mokummer' - i am not the same as 'carrot end' - who asked the question.
i'm dutch. i know a little bit how the websites of dutch banks work. i have more info about this particular situation than i can write down here - this being an open forum. 'carrot end' and 'mokummer' are just puzzled about technicalities of which you seem to be much more aware. having read (privately) another email in this case, i'm almost sure 'carrot end' was into a scam situation, most likely to get banking and/or identity details. by profession, i am a dutch text editor - i found a few questionable irregularities. 'carrot end' tried to google translate the dutch parts of the mail correspondance with the 'booking guy', but got lost...

thanks a lot for your support - much appreciated!

i have more info about this particular situation than i can write down here - this being an open forum.

Witholding information prevents quality analysis by return, you could be witholding a vital piece of evidence. I cannot possibly assist any further.

Welcome here Carrottop.

For an international transfer banks only need the name of the account holder (or company name) account number, IBAN or bic number. And this:

"Name Fully written.
Place of birth
Nationality
Male or female of account holder"

is not needed. If your client gets back to you saying the transfer won't work and they want to send a cheque, then you know it's a scam! Could you post the emails from the client with headers?

Thanks everyone for looking at this. I will speak to our bank again tomorrow and ask them to contact the Dutch bank themselves to see if the customer service adviser in the email exists.

If it looks like a real email from the Dutch bank then it gets more confusing!

I haven't posted the guests email header simply because it is their business email address and on the off chance this is real I do not want them being fetched by google as scammers.

However if tomorrow our bank cannot find a real bank trail I will post so you can see that info. We did speak to our bank when the original request came in and they assured us they only needed the details David confirmed and would never make a request for those personal details.

I will update tomorrow after speaking to our bank.