At the time this threat was detected by MailGuard, no other antivirus vendor was blocking the malicious URL contained in the email. MailGuard is consistently between 2 and 48 hours ahead of competitors in blocking zero-day or new variants of phishing scams.
Here is a sample of the phishing email:
The email is not addressed to the email recipient specifically, and states that their account has been suspended due to a profile error. In order to resolve the supposed issues, the recipient is asked to click a link within the email.
The URL points to a hacked Australian website, where a landing page has been built to host the phishing scam.
Here is a sample of the landing page which looks similar to the legitimate St. George internet banking login page:
The cybercriminals behind this attack are seeking standard banking credentials on the first page. Clicking ‘Log On’ takes the user to a second phishing page which seeks further information:
This attack is typical of most phishing emails. If it succeeds, the cybercriminals will obtain a significant amount of personal information from victims, including:
- Credit Card Numbers
- Security Numbers
- Internet Passwords
- Verbal Passwords (for Phone Banking)
- Driver's Licence Numbers, and
- Mobile Phone Numbers
Some giveaways that the email and landing page are fake include:
- The URL of the landing page is not the legitimate St. George Online Banking URL, https://ibanking.stgeorge.com.au/ibank/loginPage.action
- You can see in figure 2 that one of the images is distorted, and
- In figure 3, the HTML is not laid out correctly and there are errors that a keen eye should be able to easily discern.
St.George Bank offer tips on their website on how to be smart online.
How can I protect myself from these types of email scams?
To protect your business against scams like these phishing emails impersonating banks:
- Beware of unexpected emails that purport to be from reputable organisations but contain grammatical or branding errors
- Beware of emails that are not addressed to you personally
- Always hover your mouse over the links contained in emails in order to check their legitimacy – don’t click them unless you are sure they are safe
- To ensure complete safety, type the URL into your browser or navigate through Google search to find the actual website and enter your credentials
- Be particularly wary of emails asking you to supply personal details that the purported organisation should already know, especially those which ask for credit card or bank account details
If you are ever unsure if an email is legitimate, contact the bank directly before filling any details in online or clicking links contained within an email.
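The "hover over the link" check and the URL giveaway described above can also be applied automatically to an email's HTML body. The following is an added example, not MailGuard's or St.George's code: it flags links that imitate the bank while pointing off the bank's domain. The function names, the brand keyword and the sample body (with its placeholder host) are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

LEGIT_DOMAIN = "stgeorge.com.au"  # from the legitimate URL quoted in the article
BRAND = "stgeorge"                # assumed brand keyword
# Constructed sample body; compromised-site.example is a placeholder host.
SAMPLE_EMAIL = """<a href="http://compromised-site.example/stgeorge/login.php">ibanking.stgeorge.com.au</a>
<a href="https://ibanking.stgeorge.com.au/ibank/loginPage.action">Log on</a>
<a href="https://stgeorge.com.au.compromised-site.example/">Click here</a>"""

def is_bank_host(value):
    """True if a URL (or bare host text) is on the bank's domain or a subdomain of it."""
    try:
        host = (urlsplit(value if "://" in value else "//" + value).hostname or "").rstrip(".")
    except ValueError:  # malformed input is never treated as the bank
        return False
    return host == LEGIT_DOMAIN or host.endswith("." + LEGIT_DOMAIN)

class LinkCollector(HTMLParser):
    """Collects (href, visible text) for every <a> element in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def audit_links(html_body):
    """Return (href, reasons) for each link that is off the bank's domain yet imitates it."""
    parser = LinkCollector()
    parser.feed(html_body)
    findings = []
    for href, text in parser.links:
        reasons = []
        if is_bank_host(text):
            reasons.append("visible text shows the bank's domain but the href goes elsewhere")
        if BRAND in re.sub(r"[^a-z0-9]", "", (href + " " + text).lower()):
            reasons.append("bank name used on a non-bank host")
        if reasons and not is_bank_host(href):
            findings.append((href, reasons))
    return findings
```

The domain comparison matches on a label boundary, so a host such as `stgeorge.com.au.compromised-site.example` is not mistaken for the bank even though it starts with the bank's domain.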
Adding a cloud-based email filtering solution will reduce the risk of your staff falling for scams and possibly giving cybercriminals access to your company bank accounts.
Keep up to date on the latest email scams by subscribing to MailGuard’s weekly update or follow us on social media.