Arrives as a HTML email with a varied subject line. An examples of the subject line is as follows:
Important Alert Concerning Your Nationwide Account.
The email contains an official looking message. The source of the message is supposedly from Nationwide Bank itself.
Inside the official looking message will be a hyperlink that, on the surface, looks like it points to the actual Nationwide Bank web site. This link only looks that way -- underneath it points to a different web site altogether.
When the link is clicked a browser window opens taking the user to a website located at an IP address different than that to what the user expects.
At this site the user will be presented with an official looking login form where the user is asked to input information such as their ATM, credit card number, bank account number and associated PINs.
If a user enters in their bank account data, the information is recorded and transferred to a malicious second party.