You know things are bad when phishers are no longer putting the effort into their phishing emails.
I got this lazy attempt this morning:
This "phisher" has made very little attempt at trying to trick me into thinking this is a legitimate email from Nationwide. He's not hidden or changed the "Sender" field in his email, the "my account activity" link in the document doesn't go to a URL that even remotely looks like a Nationwide URL and the link itself isn't a secure link (no https).
This is clearly one very lazy phisher, and what's sad is there are people out there who will be gullible enough to think this really came from Nationwide and will happily click the link and enter their login details and then wonder why their account is empty a couple of days later.
I just entered bogus details just for shits and giggles and I must say, this is a very poor attempt at phishing. It doesn't even attempt to log you into the Nationwide website or automatically redirect you, thus moving away from the dodgy URL before you realise it's dodgy. Instead he gives you a nice simple "Finish" button to click that directs you to the Nationwide site.
People, please please please, NEVER click on a link in an email that purports to be from your bank. Always use your own bookmarks or type in the URL you usually use to access your bank.