CUSTOMERS of the world's biggest building society were today urged to beware, after The Press discovered the Nationwide had fallen victim to "phishing".

Computer hackers sent emails to people purporting to come from "Nationwide Bank Online", and asking for their membership details as part of a hi-tech scam.

One was sent to The Press Chief Reporter Mike Laycock, who happens to have a Nationwide account.

It said: "Dear Valued Customer. Our technical service department has recently updated our online banking software, and due to software upgrade, we kindly ask you to follow the reference given below to confirm your membership details.

"Failure to confirm your membership details will suspend you from accessing your banking online."

A click on a link would have brought up the society's logo and catchphrase "proud to be different", and forms asking for details such as his customer number, memorable data and pass number.

But the phishers were not as clever as they might have thought they were, leaving two clear clues in the original email that it might not really have come from the Nationwide.

It was signed: "Nationwide Builing Society"- with the "d" missing, and also said Nationwide plc - when the building society is not a PLC.

And the Nationwide confirmed to The Press: "It is indeed a phishing email."

A spokesman said "phishing" involved fraudsters sending emails claiming to come from banks and building societies, in an attempt to trick customers into divulging account details and other important personal information.

He stressed that online fraud was an industry-wide issue, and not something unique to Nationwide, adding: "Nationwide will never request confidential information or security details in an e-mail.

"These emails should be deleted immediately without responding and members must not follow any links that are sent to them via email."

Within a day of our initial inquiry to the building society, the link was blocked with the message: "Our apologies, but our website was hacked and the URL you were directed to here on our site was part of a phishing scam to harvest and collect your user information for your bank.

"We have removed the offending pages and tightened up security to hopefully prevent this happening again."

The society spokesman said the message resulted from Nationwide investigating the phishing email and contacting the website host.

"It is the host's website that has been hacked and it will be the host that has placed this email on the website."

Customers can take two simple steps for peace of mind

NATIONWIDE said it had recently emailed customers to advise them how to ensure emails had genuinely come from the society.

Marketing controller Mike Evemy said there were two key things customers should do.

The first thing was to check the email contained their postcode. "This is information the people who send phishing emails will not have. So, for your peace of mind, we will include it as "proof of authenticity" at the top and bottom of every email we send you in future."

The second thing was to check that the email did not request any confidential details or security information, such as account details or PIN numbers.

"We will never do this in an email. Nor will we direct you to a website requesting you to enter your personal security details, said Mr Evemy.

"These two checks should satisfy you that the email has indeed come from us. You can, of course, ignore the email and delete it from your system.

"Also, you might want to visit www.getsafeonline.org - a Government-sponsored website offering advice on various aspects of online security, including stopping viruses, blocking hackers and avoiding spam email."

He said the Nationwide would never share customers' email address with anyone else. "If any third party claims they've received your details from Nationwide, please contact us immediately."

Updated: 11:17 Friday, May 19, 2006