Email scam spoofing NAB strikes again; delivers malicious payload

Posted by Akankasha Dewan on 05 September 2019 16:38:05 AEST

Last week, we intercepted a phishing email scam purporting to be from NAB, claiming that recipients' cards had been put on hold. 

Now, a similar email scam is infiltrating inboxes - this time tricking NAB users by delivering a malicious payload. First detected on the 3rd of September 2019, around noon (AEST), this email scam has been sent via two different compromised email addresses and use a display name of ‘Nab Online’. Just like last week's email scam, the body of these emails inform recipients that a hold on their card has been placed due to usage being detected ‘in a different location’. The email urges recipients to visit any NAB bank ‘to resolve this problem’, or ‘download the attached form and get verified within minutes’.

Here is a screenshot of the email:

NAB online message


MailGuard understands that unsuspecting recipients who open the attachment form are required to fill in a form asking for their user credentials and personal info. Once this is submitted, these details are harvested and the user is redirected to a fake confirmation page.

This message contains several typical elements of a malicious email:

  • use of a major brand name to inspire false trust; the usage of the supposed ‘NAB’ domain boosts the credibility of the email,
  • urgent subject line; telling the recipient that there is ‘one new important message’ urges the recipient to take immediate notice and action
  • evokes a sense of anxiety; claiming that recipient’s card ‘has been placed on hold’ creates panic.

The elements above are meant to convince the victim they are taking appropriate action by downloading the form and submitting their details.

Although the email claims to be a bank notification, this is not an exceptionally well-made scam email. It displays grammatical errors, such as ‘Its to notify you’, that should be a big red flag alerting recipients to the inauthenticity of the email. In addition, the recipient is not addressed directly - again a well-known tell tale sign of malicious emails.

This scam is very similar to other recent online banking scams, which have also targeted customers of Westpac bank and Zenith Bank. With an increase in customers now managing their finances online, cybercriminals are employing a wide range of techniques to trick users into surrendering their account details, and funds.

NAB offers a secure online and telephone banking service – if you are concerned about the legitimacy of any online communication you receive, please call them to confirm.

Don't get scammed

If your company’s email accounts aren’t protected, emails like the one above are almost certainly being received by your staff.  Cybercriminals know people can be tricked; that’s why they send out millions of scam messages and put so much effort into making them look convincing.

People are not machines; we're all capable of making bad judgement calls. Without email filtering protecting your business, it’s just a matter of time before someone in your organisation has a momentary lapse of judgement and clicks on the wrong thing.

For a few dollars per staff member per month, you can protect your business with MailGuard's predictive email security.

Talk to an expert at MailGuard today about making your company's network secure: click here.

Stay up-to-date with new posts on the MailGuard Blog by subscribing to free updates. Click on the button below:

Keep Informed with Weekly Updates



Topics: Xero

Back to Blog


Something Powerful

Tell The Reader More

The headline and subheader tells us what you're offering, and the form header closes the deal. Over here you can explain why your offer is so great it's worth filling out a form for.


  • Bullets are great
  • For spelling out benefits and
  • Turning visitors into leads.

Recent Posts

Posts by Topic

see all