What's that smell?

Gone phishing

We are constantly reminded about the dangers of social engineering security breaches, such as phishing attacks. So, you'd think that a responsible financial institution would be sensitive to the advice that we're given, which includes being wary of emails purporting to be from one institution, but coming from a different domain.

In the case of Nationwide Building Society, think again.

It may use the nationwide.co.uk domain, but I receive communications from nationwide@nationwide-communications.co.uk, containing links to nationwide-service.co.uk. Does that sound suspicious, if not scammy, to you? Because it does to me.

That's three different domains, when a single one with communications.nationwide.co.uk and service.nationwide.co.uk subdomains would suffice, if communications and service even need to be separated, beyond an email address, in the first place. I raised this as a security concern, to which their response was along the lines of "meh!" So, all of those emails get sent to junk mail.

Really, how can these fools expect security to be taken seriously, when they don't follow the basic rules themselves? (SMH)
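The check a wary recipient or mail filter applies to such a message can be written down. This Python sketch is an added example, not anything from Nationwide: it tests whether the sender and each link sit under nationwide.co.uk. The sample message is constructed from the addresses named above; the recipient address, the URL paths and the function names are assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

OFFICIAL_DOMAIN = "nationwide.co.uk"  # the institution's own domain, as named in the post

# Constructed sample: sender and link domains come from the post; the
# recipient address and URL paths are made up for illustration.
SAMPLE = """\
From: Nationwide <nationwide@nationwide-communications.co.uk>
To: member@example.org
Subject: Your account

View your statement: https://nationwide-service.co.uk/statement
Help pages: https://service.nationwide.co.uk/help
"""

def under_domain(host, domain=OFFICIAL_DOMAIN):
    """True only if host is the domain itself or a subdomain of it.

    The comparison is anchored on a label boundary (".nationwide.co.uk");
    a substring or bare endswith test would accept lookalike registrations.
    """
    host = host.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def audit(raw, domain=OFFICIAL_DOMAIN):
    """Return (sender host or None, [link hosts]) that fall outside the domain."""
    msg = message_from_string(raw)
    sender_host = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    outside = []
    for url in re.findall(r"https?://[^\s<>\"']+", msg.get_payload()):
        host = (urlsplit(url).hostname or "").lower()
        if host and not under_domain(host, domain) and host not in outside:
            outside.append(host)
    return (None if under_domain(sender_host, domain) else sender_host), outside

if __name__ == "__main__":
    bad_sender, bad_links = audit(SAMPLE)
    print("sender outside official domain:", bad_sender)
    print("link hosts outside official domain:", bad_links)
```

Only the service.nationwide.co.uk link passes; from the address alone a recipient cannot tell who registered the other two domains, which is why the subdomain form is the one that can be checked.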