Menu
Big Four targeted as NAB phishing scam hits Aussie inboxes

Big Four targeted as NAB phishing scam hits Aussie inboxes

Hackers target user bank details through dodgy account links.

A new email scam mimicking a Big Four bank is currently circulating around Australian inboxes, falsely informing recipients that accounts have been disabled.

In a bid to reverse the issue, the phishing email instructs users to click a link to reactivate their account, before loading a realistic copy of the National Australia Bank (NAB) internet banking website, designed to harvest victims’ account ID and password.

Containing the subject line ‘Notification’ the plain-text email is sent from discharge.authority@nab.com.au, and contains a directive to ‘click here’ to activate the account, but the link points to a duplication of the real NAB website.

With the emails forged from the address discharge.authority@nab.com.au, security provider MailGuard blocked the distribution of thousands of copies of the email on the afternoon of 25 May.

Screenshots of phishing email and fake NAB landing page (Photo - MailGuard)
Screenshots of phishing email and fake NAB landing page (Photo - MailGuard)

“A phishing scam is a fraudulent attempt to steal your information or identity for financial gain,” MailGuard CEO Craig McDonald said.

“In this case, the perpetrators want victim’s banking details. Creating a fake website allows them to collect peoples’ account number and passwords without arousing suspicion.

“That valuable information is collected and used to make future unauthorised transactions.”

According to McDonald, tell-tale signs of phishing scams include generic greetings such as ‘Dear customer’ and a clear sense of urgency, alongside bad grammar or misuse of punctuation and poor-quality or distorted graphics.

Screenshots of phishing email and fake NAB landing page (Photo - MailGuard)
Screenshots of phishing email and fake NAB landing page (Photo - MailGuard)

In addition, McDonald said phishing emails can be identified through an instruction to click a link to perform an action - “hover over them to see where you’re really being directed”.

Obscure sending addresses such as Hotmail, gmail, Yahoo addresses should also set alarms bells ringing for users.

NAB was quick to confirm the circulation, claiming that it’s aware of a similar phishing email targeting customers.

“If you receive this type of email, please forward it to spoof@nab.com.au and then delete it,” the NAB website advised.

Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags emailNAB

More about AustraliaHotmailNABNational Australia BankYahoo

Show Comments
[]