Gabi Power 13 May 2022 07:53:25 AEST 4 MIN READ

Bank of Queensland (BOQ) Impersonated Again in New Phishing Scam

Bank of Queensland (BOQ) customers are once again being targeted in a new phishing email scam. This is the third email of its kind that MailGuard has intercepted and blocked in the last 12 months, with BOQ being impersonated in a similar fashion earlier this year, and in August 2021, most likely due to their trusted name and large customer base.

The subject line to the latest scam email reads “Dear BOQ Customer You Have 1 New Important Message”. The sender name shows ‘BOQ Internet Banking’ and the email address convincingly displays as ‘boqinternetbanking(at)boq(dot)com(au).

Although the email shows the BOQ logo and copyright information to add a sense of legitimacy, the email begins with an impersonal “Dear BOQ Customer”, which is a common indicator of a scam email. The email continues on to inform the user that “Your Online Banking Message Center Have 1 New Important Message Waiting’, and then instructs them to log on to view the message.

 Here’s what the email looks like:  

Mark up - Dear BOQ Customer You Have 1 New Important Message - Mozilla Thunderbird_889


After the user clicks the link, they’re taken to the phishing site which is a replica of the login page currently used by BOQ. A true sign of the page’s inauthenticity is the URL, which shows that the user is in fact not on the BOQ website.

The page asks for their ‘Customer Access Number’, ‘User ID’ and ‘Password’. When these details are entered and the ‘Log On’ button is pressed, the user is redirected to the legitimate BOQ website.


BOQ IB — Mozilla Firefox_890


While the login page and elements of the email are relatively convincing, always be on the lookout for poor grammar, as seen in the subject line and email copy, and make sure to check a hyperlink’s destination before clicking on it. You can do this by hovering over the linked text until a popup with the URL appears.

BOQ advises customers “If you receive a link posing to be from BOQ, report it to us immediately via

If in doubt, contact BOQ urgently on 1300 55 72 72 (24 hours a day, 7 days a week).

MailGuard strongly recommends all recipients of this email to delete it immediately without clicking on any links. Providing your personal details can result in your sensitive information being used for criminal activity and may have a severe negative impact on your business and its’ financial well-being.    

MailGuard urges users not to click links or open attachments within emails that:      

  • Are not addressed to you by name.      
  • Appear to be from a legitimate company but use poor English or omits personal details that a legitimate sender would include.      
  • Are from businesses that you were not expecting to hear from, and/or      
  • Take you to a landing page or website that is not the legitimate URL of the company the email is purporting to be sent from.     

One email is all that it takes     

All that it takes to devastate your business is a cleverly worded email message that can steal sensitive user credentials or disrupt your business operations. If scammers can trick one person in your company into clicking on a malicious link or attachment, they can gain access to your data or inflict damage on your business.     

For a few dollars per staff member per month, you can protect your business with MailGuard's predictive and advanced email security. Talk to a solution consultant at MailGuard today about securing your company's inboxes.  

Stay up-to-date with MailGuard's latest blog posts by subscribing to free updates. Subscribe to weekly updates by clicking on the button below.  

Keep Informed with Weekly Updates