Email purports to be from NAB, delivers phishing attack

Posted by Akankasha Dewan on 22 November 2018 16:50:12 AEDT

Imitating leading financial institutions such as banks to gain access to users’ confidential data isn’t exactly a new trick adopted by cybercriminals, but it is still one to be wary of. MailGuard intercepted one such phishing email scam purporting to come from National Australia Bank (NAB).

Using a display name of ‘Nab DEFENCE’, the emails actually come from one of several malicious senders. They inform recipients about a recent funds transfer that is suspected to not have been initiated by the recipient. To cancel the transaction, the email directs recipients to click on a link.

Here is a screenshot of the email:

NAB phishing run

Recipients who click on the link are led to a fake NAB website, designed to trick users into entering in their bank login details.

This message contains several typical elements of a phishing email:

  • use of a major brand name to inspire false trust; the ‘from’ field shows ‘Nab’ as the sender,
  • false urgency; telling the recipient that a suspicious transfer has been made in their name to create a sense of anxiety,
  • and the startling subject line; ‘CRITICAL: Transfer Dispute’ also urges the recipient to take immediate notice and action

The elements above are meant to convince the phishing victim they are taking appropriate action by clicking on the links.

Although it claims to be a bank notification, this is not an exceptionally well-made phishing email; it displays several errors in the text formatting and sentence construction. Grammatical errors, such as ‘If you don’t have initiated this transfer’, should be a big red flag alerting recipients to the inauthenticity of the email.

This phishing campaign is very similar to other recent online banking scams, which have also targeted customers of Westpac bank and ANZ. With an increase in customers now managing their finances online, cybercriminals are employing a wide range of techniques to trick users into surrendering their account details, and funds.

What is "phishing?"

Phishing is the practice of tricking email recipients into revealing personal information that criminals can exploit for gain. 

Phishing emails go to a wide group of random people; it’s like a fisherman casting a wide net to see what he can catch. The attackers know that not everyone will respond, but they know that if they send enough emails out somebody will probably take the bait.

A phishing attack message will typically include a link that will send the unwary victim to a fake login website. Once there, the user will be asked to enter username and password data which will be automatically captured by the phishing page.

Scammers use phishing pages to collect login credentials for email accounts, bank accounts, and a wide range of other online services. 

Secure your inbox

Effective cybersecurity requires a multi-layered strategy. For a few dollars per staff member per month, add MailGuard's predictive email security. You’ll significantly reduce the risk of malicious emails, like the one above, entering your network. 

For a few dollars per staff member per month, add MailGuard's cloud-based email and web filtering solution to your business security. You’ll significantly reduce the risk of new variants of malicious email from entering your network. Talk to an expert at MailGuard today about your company's cybersecurity needs:

Keep up to date on the latest email scams by subscribing to MailGuard’s weekly update, or follow us on Twitter @MailGuard.

Keep Informed with Weekly Updates


^ Back to Top

Topics: Phishing email scam NAB Cybersecurity cybercrime

Back to Blog


Something Powerful

Tell The Reader More

The headline and subheader tells us what you're offering, and the form header closes the deal. Over here you can explain why your offer is so great it's worth filling out a form for.


  • Bullets are great
  • For spelling out benefits and
  • Turning visitors into leads.

Recent Posts

Posts by Topic

see all