Jump to content
House Price Crash Forum
Sign in to follow this  
0q0

N S & I New Interest Rates Email - Bogus?

Recommended Posts

I have received an "NS&I" email, it has a spelling mistake in it, click on the links leads to a site other than NS&I - it leads to mxmodd.mxmfb.com

What do the IT experts here think? Genuine or some kind of phishing or trojan?

The email claims to link to new interest rates from today 21 Jan.

Share this post


Link to post
Share on other sites

There is a problem with this website's security certificate.

The security certificate presented by this website was issued for a different website's address.

Security certificate problems may indicate an attempt to fool you or intercept any data you send to the server.

We recommend that you close this webpage and do not continue to this website.

Click here to close this webpage.

Continue to this website (not recommended).

More information

Share this post


Link to post
Share on other sites

the html code which I have altered so as not to create links on this post...

<p>We announced new interest rates on 21 January 2009 for some of our variable and fixed rate accounts and investments.</p>

<p>The accounts and investments affected are:</p>

<p><a href="http://mxmodd.mxmfb.com/action/?v=%2Fc%2Fs%2F19689582%2Ff%2F21992165">Direct ISA</a>,

a href="http://mxmodd.mxmfb.com/action/?v=%Cash ISA</a>,

a href="http://mxmodd.mxmfb.com/action/?v=%Income Bonds</a>,

a href="http://mxmodd.mxmfb.com/action/?v=%Investment Account</a>,

a href="http://mxmodd.mxmfb.com/action/?v=%Easy Access Savings Account</a>,

a href="http://mxmodd.mxmfb.com/action/?v=%Guaranteed Growth Bonds</a>,

a href="http://mxmodd.mxmfb.com/action/?v=%Guaranteed Income Bonds</a>,

a href="http://mxmodd.mxmfb.com/action/?v=%Children's Bonus Bonds</a> and

a href="http://mxmodd.mxmfb.com/action/?v=%Fixed Interest Savings Certificates</a></p>

<p>The new rates come into effect on 21 Janaury 2009.</p>

Share this post


Link to post
Share on other sites

the html code which I have altered so as not to create links on this post below

from the email they sent:-

<p>We announced new interest rates on 21 January 2009 for some of our variable and fixed rate accounts and investments.</p>

<p>The accounts and investments affected are:</p>

<p><a href="http://mxmodd.mxmfb.com/action/?v=%2Fc%2Fs%2F19689582%2Ff%2F21992165">Direct ISA</a>,

a href="http://mxmodd.mxmfb.com/action/?v=%Cash ISA</a>,

a href="http://mxmodd.mxmfb.com/action/?v=%Income Bonds</a>,

a href="http://mxmodd.mxmfb.com/action/?v=%Investment Account</a>,

a href="http://mxmodd.mxmfb.com/action/?v=%Easy Access Savings Account</a>,

a href="http://mxmodd.mxmfb.com/action/?v=%Guaranteed Growth Bonds</a>,

a href="http://mxmodd.mxmfb.com/action/?v=%Guaranteed Income Bonds</a>,

a href="http://mxmodd.mxmfb.com/action/?v=%Children's Bonus Bonds</a> and

a href="http://mxmodd.mxmfb.com/action/?v=%Fixed Interest Savings Certificates</a></p>

<p>The new rates come into effect on 21 Janaury 2009.</p>

Edited by The Last Bear

Share this post


Link to post
Share on other sites

Post the link, but a whois for this top level domain returns this information. This is a 100% phishing e-mail. Whether this bloke is responsible for the sub-domain I don't know.

WHOIS information for: mxmfb.com:

[whois.tucows.com]

Registrant:

Emailcenter UK Limited

Unit 1

Kingthorn Park

Bradden Road

Greens Norton, Northamptonshire NN12 8BS

GB

Domain name: MXMFB.COM

Administrative Contact:

McSweeney, Jason jason.mcsweeney@emailcenteruk.com

Unit 1

Kingthorn Park

Bradden Road

Greens Norton, Northamptonshire NN12 8BS

GB

+4401908350921

Technical Contact:

McSweeney, Jason jason.mcsweeney@emailcenteruk.com

Unit 1

Kingthorn Park

Bradden Road

Greens Norton, Northamptonshire NN12 8BS

GB

+4401908350921

I have received an "NS&I" email, it has a spelling mistake in it, click on the links leads to a site other than NS&I - it leads to mxmodd.mxmfb.com

What do the IT experts here think? Genuine or some kind of phishing or trojan?

The email claims to link to new interest rates from today 21 Jan.

Share this post


Link to post
Share on other sites
I have received an "NS&I" email, it has a spelling mistake in it, click on the links leads to a site other than NS&I - it leads to mxmodd.mxmfb.com

What do the IT experts here think? Genuine or some kind of phishing or trojan?

The email claims to link to new interest rates from today 21 Jan.

It's a fairly obvious phishing email if the link takes you to anywhere other than the NS and I site. Hotmail is pretty good at picking up on phishing mails and bungs them straight into the junk-can't speak for others as i tend not to use them. At risk of stating the obvious, definitely do not attempt to log in to NS and I via the link as you will put your account at risk. Only ever log into your account via the site directly accessed and ALWAYS check the address in the addy bar at the top before entering any sensitive details like password etc.

Edit: To err on the side of caution, also clear out your internet cache deleting everything including offline content if you opened the mail then close and reopen browser before you attempt to log into anything of a personal nature thereafter.

Edited by stonethecrows

Share this post


Link to post
Share on other sites

Thanks Warpig and all, I just noticed in time as I clicked the link, then quickly closed my browser.

First time I've been fooled by a Phisherman! :lol:

Share this post


Link to post
Share on other sites

The html addresses you quote are identical to ones in an email I got from NS&I back in November. My emails come to a special address supplied only to NS&I when I opened my account, so I'm happy that my emails are genuine.

Share this post


Link to post
Share on other sites

http://www.emailcenteruk.com/maxenews/arch...text_emails.htm

5) Tracking links

If you are using a solution such as Maxemail that tracks click-thru’s you might decide not to track plain text emails. This is because these links will appear to be something like http://mxmoda.mxmfb.com/sguns/411/1/2697021/0 rather than a normal web link such as www.emailcenteruk.com.

These links will appear alien to your customers. As the plain text email is only received by a small percentage of your list you may feel that turning the tracking links off is acceptable.

It might be spoof, but just looks like poor web coding to me.

What do I know. :unsure:

Share this post


Link to post
Share on other sites

If anyone's bought NSI index linked certs and they were popular on here , there is a thread on Cash ISA's and Savings Accounts you should look at .... some people will be dissapointed i'm afraid .

Share this post


Link to post
Share on other sites
I have received an "NS&I" email, it has a spelling mistake in it, click on the links leads to a site other than NS&I - it leads to mxmodd.mxmfb.com

What do the IT experts here think? Genuine or some kind of phishing or trojan?

The email claims to link to new interest rates from today 21 Jan.

I think it's ok NS&I just use these people http://www.emailcenteruk.com/ to send out their emails.

Share this post


Link to post
Share on other sites

Its email marketting.

Typical approach taken by noddy IT in a noddy organisation who know next to nothing about IT Security or information security. In this case, looks like they are sending genuine emails via a third party, with third party links that then direct you back to NS&I; net result is NS&I can see how successful their marketting campaigns are, and gets lots of nice statistics.

Downside is it looks like a phishing email, and makes it even easier for fraudsters because NS&I customers are used to seeing NS&I emails sent via third parties (with strange looking URL's).

To the OP you were right to be suspicious. If that were my bank, i'd give them hell.

Share this post


Link to post
Share on other sites
Its email marketting.

Typical approach taken by noddy IT in a noddy organisation who know next to nothing about IT Security or information security. In this case, looks like they are sending genuine emails via a third party, with third party links that then direct you back to NS&I; net result is NS&I can see how successful their marketting campaigns are, and gets lots of nice statistics.

Downside is it looks like a phishing email, and makes it even easier for fraudsters because NS&I customers are used to seeing NS&I emails sent via third parties (with strange looking URL's).

To the OP you were right to be suspicious. If that were my bank, i'd give them hell.

Bizarre! We have a mix of opinions here, some of you think it's phishing and some don't. My thanks though to everyone for trying to help.

If it is genuine, lesson is as MikeW says, don't send emails out to customers that look sus with alien URLs on links.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
Sign in to follow this  

  • Recently Browsing   0 members

    No registered users viewing this page.

  • 284 Brexit, House prices and Summer 2020

    1. 1. Including the effects Brexit, where do you think average UK house prices will be relative to now in June 2020?


      • down 5% +
      • down 2.5%
      • Even
      • up 2.5%
      • up 5%



×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.