A colleague has received an email allegedly from NatWest asking him to click on a link and confirm details of his account. The email looks authentic, sporting the NatWest logo etc. Is the best response to simply delete it or to advise the bank? My colleague is not a NatWest customer. Jim Mc Allister
Delete it. Millions of these phishing emails are sent out every day, and if everyone reported them, the banks would be deluged. There is a community effort called the Phishing Incident Reporting and Termination (PIRT) Squad, which is dedicated to taking down the fake web sites used to collect victims' financial details. This is the key to making phishing spams pointless, but I don't know if it is having any success. See: http://wiki.castlecops.com/PIRT
Backchat: Paul Laudanski of the Phishing Incident Reporting and Termination (PIRT) Squad, which I mentioned, says to send them to pirt@castlecops.com. Christina Murdoch sends the ones purportedly from financial institutions to reports@banksafeonline.org.uk, and says: "eBay and PayPal phishing emails can be forwarded to spoof@ebay.co.uk and spoof@paypal.com". Martin Humphries sends "West African 419 fraud emails to Fraud Alert, the Metropolitan Police initiative, at fraud.alert@met.police.uk."
Keith Williamson, of Scientific Software Systems Ltd, adds: "I quite often click on the links in these messages to see if they still work (I have a professional interest, being involved in finance sector IT). In the vast majority of cases they don't, because the offending web page has already been taken down. This suggests that anybody who is taken in by such scams must be very quick off the mark."
