Another 2 emails targetting Natwest customers overnight, both through the same email address and both very similar.
The first is a scheduled maintenance. So obviously, when banks do this customers have to sign on to remind the banks of their security details. Not really a convincing excuse, is it? Instead of the NOF, it's now the NCF (the Natwest Customer Form) - that's making a few appearances.
The target URL is http://www.natwest.com.tknnt.me.uk/serverstack/usersdirectory/ncf.aspx?pc=[removed]&id=[removed], so it's sent by the group of people who are tracking which recipient PCs click on the links. Actually, the email content is the same as last Thursday's - I just didn't record which email address Thursday's arrived through.
Here's the content.
Dear customer of NatWest bank,
We are running a scheduled maintenance on our servers. We want to make sure your money and your personal details are safe and secure.
Due to new security policies all NatWest bank customers must complete the Natwest Customer Form.
To complete the form, please use the link below:
Natwest Customer Form
This should take you directly to the Natwest Customer Form.
Natwest Customer Service