Four weeks ago, I shared the interesting case of 53.com, a real bank website whose numerical domain name confuses some members of the PhishTank community (not easy… discerning bunch!). The submission cited in that post remains undecided, although it’s (correctly) leaning toward “NOT a phish.”

I want to call attention to another example today.

The submission is 36895. There are nearly 250 votes on this submission, with a slight majority correctly recognizing that this is NOT a phish.

Why the confusion? The website is branded as NatWest, a major bank in the United Kingdom, but the domain name is nwolb.com (go to the submission to see the entire URL submitted).

The registrant for nwolb.com is:

The Royal Bank of Scotland Group plc
Waterhouse Square
138-142 Holborn
London EC1N 2TH
UK

NatWest was purchased by Royal Bank of Scotland Group in 2000, so this is legit.

You can also simply start at NatWest.com. Click the button at the top right titled “Log in.” The link redirects to…you guessed it…https://www.nwolb.com/ (with lots of other session/security stuff on the end of the URL).

I’m sure there are technical reasons, or historical business reasons, why the online bank lives on a different URL than the corporate website, but it’s certainly led to some confusion among an ever-more cautious online crowd.

If you have not yet voted on 36895, please vote “NOT a phish.”

Related note

In the comments about 53.com, some asked why we (the PhishTank administrators) don’t go ahead and decide this submission once and for all. My answer remains the same: as long as this is undecided, we will not step in. PhishTank administrators will step in to overrule false positives, if necessary. It rarely has been: maybe three times in nearly 25,000 submissions as I write this post.

The moderators are instrumental in flagging confusing submissions and drawing attention to possible problems, though they don’t overrule the community.