MailGuard have identified and successfully blocked a 0-day email phishing scam campaign purporting to be from New Zealand’s Kiwibank.
Here is a screenshot of the type of email to watch out for:
As you can see in the example above, the subject of the email is, “New Message Notification”, whilst the sender is purported to be the “Kiwibank Internet Banking” team.
The call to action of this email is a “log in to internet banking” button, which appears below the “you have a new Internet banking message” notification.
Upon clicking the link, you are directed to the fake login page you see above. This is an exact copy of the official Kiwibank login page: the offending cyber criminals have even replicated the anti-phishing information available in the right sidebar of the legitimate website, as highlighted above.
The inauthenticity of this phishing scam is clearly identifiable by the URL, as well as the impersonal nature of the email.
Entering your login credentials into the form directs you to a 'KeepSafe Questions and Answer' verification page.
KeepSafe is Kiwibank’s online authentication tool. Each time a user logs in to their Kiwibank Internet Banking account they are prompted to enter their KeepSafe details as part of their secure two-factor authentication process. You can read more about KeepSafe here.
Unfortunately, this phishing scam preys on Kiwibank customers that rely on the extra layer of protection that the KeepSafe authentication tool provides.
Identify Fake KeepSafe Authentication Scams With Two Simple Tips:
- Kiwibank will never ask you what your KeepSafe questions are.
- You should never be able to type your KeepSafe answers in using your computer keyboard. The official KeepSafe tool requires answers to be entered via a virtual keyboard.
Upon completing and submitting this final form, the victim is redirected to the official Kiwibank logout page. They are led to believe that a glitch prevented them from accessing their “new internet banking message”, and are prompted to log in again, none the wiser.
Let’s take a look at what information this scammer now has access to:
- Your Kiwibank login credentials (Access Number and Password)
- Your KeepSafe Questions and Answers
This cyber criminal now has access to your bank account, any cards linked to your account and the funds/credit you have at your disposal. At the very least you will need to change your password and KeepSafe verification questions.
If you aren’t so fortunate and a scammer gains access to your funds before you find out, recovering the stolen funds and securing every point of access that could leave you vulnerable to further intrusion is a lengthy process.
As a precaution, we urge you not to click links within emails that:
- Are not addressed to you by name.
- Appear to be from a legitimate company but use poor English or omit personal details that a legitimate sender would include.
- Are from businesses that you were not expecting to hear from.
- Take you to a landing page or website that is not the legitimate URL of the company the email is purporting to be sent from. The URL for Kiwibank’s internet banking login page is: https://www.ib.kiwibank.co.nz
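The last tip above comes down to one check: does the link actually point to the legitimate login host? The script below is an added example (not MailGuard's or Kiwibank's code) that applies that check to the links in an email, using the URL given in the advisory as the only allowed host; the sample links are constructed placeholders on the reserved `.example` domain, not indicators from this campaign.

```python
"""Check whether links in a suspicious email point to the legitimate
Kiwibank internet banking host (added example; not MailGuard's code).

The allow-listed host comes from the advisory above; the sample links
are constructed placeholders using the reserved .example TLD.
"""
from urllib.parse import urlsplit

# Exact host of the legitimate login page named in the advisory.
LEGIT_HOST = "www.ib.kiwibank.co.nz"


def is_legitimate_login_url(url: str) -> bool:
    """True only for https links whose host is exactly LEGIT_HOST.

    urlsplit() separates any user:pass@ prefix from the real host, so
    a link that merely contains the bank's name before an '@' is
    rejected, and exact matching rejects look-alike hosts that add
    extra labels or hyphenated variants of the bank's name.
    """
    parts = urlsplit(url.strip())
    if parts.scheme.lower() != "https":
        return False
    host = (parts.hostname or "").lower().rstrip(".")
    return host == LEGIT_HOST


def classify_links(urls):
    """Return {url: 'legitimate' | 'suspicious'} for each link found in an email."""
    return {u: ("legitimate" if is_legitimate_login_url(u) else "suspicious")
            for u in urls}


# Constructed sample links (placeholders, not real indicators).
SAMPLE_LINKS = [
    "https://www.ib.kiwibank.co.nz",
    "https://www.ib.kiwibank.co.nz/login?msg=1",
    "http://www.ib.kiwibank.co.nz",                    # not https
    "https://www.ib.kiwibank.co.nz.login.example/ib",  # extra labels appended
    "https://www.ib.kiwibank.co.nz@login.example/ib",  # bank name before '@'
    "https://ib-kiwibank.example/secure/login",        # look-alike name
]

if __name__ == "__main__":
    for link, verdict in classify_links(SAMPLE_LINKS).items():
        print(f"{verdict:11} {link}")
```

Only the first two sample links are reported as legitimate; the other four are flagged as suspicious, which is the hover-and-compare check from the tip above done by a parser rather than by eye.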
Kiwibank offers a comprehensive online resource to help identify and report scams purporting to be from them. You can verify the authenticity of any contact you aren’t sure about, or report a scam, by emailing them at email@example.com.
Educating staff and employing cloud-based email and web filtering is your first and best line of defence. Complement this multilayered defence with on-premises antivirus, anti-malware and anti-spyware solutions. This will go a long way to mitigating the risk from a wide range of email scams.
Keep up to date on the latest email scams by subscribing to MailGuard’s weekly update or follow us on social media.