Legitimate-looking ‘account verification’ email spoofs NAB, delivers phishing attack

Posted by Akankasha Dewan on 16 September 2019 17:20:23 AEST

National Australia Bank (NAB) continues to be a favourite among cybercriminals who are looking to steal users’ confidential information.

The bank has once again been spoofed in a new phishing email scam. First detected by MailGuard earlier today morning (AEST), the email scam originates from multiple senders, all belonging to a single compromised domain. It uses the display name ‘National Australia Bank’. The body of the email informs recipients that their account has been ‘restricted’ due to ‘irregular activity’. To restore their account, recipients are advised to click on a link.

Here is a screenshot of the email:

NAB Convincing 2

Unsuspecting recipients who click on the link are led to a fake NAB-branded phishing page that asks users for their net-banking information such as their NAB ID and password.

Here is a screenshot of the page:

NAB page 1 (2)


Once users have ‘logged on’, users are led to a page titled ‘Verify your account’ that asks them to enter a ‘SMS Security Code’, as per the below:

NAB and sms (2)

MailGuard understands that at this stage, clicking on either button (OK / Resend) leads to a dead end, as per the below screenshot. It's unclear whether this was planned by the scammers or it was a page that was removed at a later stage.

NAB dead end (2)

Whilst MailGuard is stopping this email scam from reaching Australian businesses, we encourage all users to be extra vigilant against this kind of email and whatever happens, do not respond to it.

As you can see from all the screenshots above, cybercriminals have taken great pains to replicate official landing pages from NAB – including incorporating the bank’s branding and logo using high-quality graphical elements in the email. All this is done in an attempt to trick the users into thinking the scam is legitimate.

It is also interesting to note that this email scam, ironically, pretends to use a security feature (the SMS verification code) in order to steal confidential information from users. This step is included as it serves to add on to the sense of legitimacy evoked by the email. Precisely because such focus on account safety is a common behaviour expected of such a well-established bank, cybercriminals can elicit a more confident response from recipients who think they are, in fact, securely verifying their accounts by clicking on the provided link and providing their confidential login details.    

To reduce the risk of being tricked by one of these scams, you should immediately delete any emails that:

  • Appear to be from a well-known organisation, typically a bank or service provider and are not addressed to you by name and may include poor grammar.
  • Ask you to click on a link within the email body in order to access their website – your bank will always ask you to go to their website directly by typing their URL into your web browser address field, as a precautionary security measure.
  • Ask you to submit personal information that the sender should already have access to.

NAB offers a secure online and telephone banking service – if you are concerned about the legitimacy of any online communication you receive, please call them to confirm.

Banks commonly hold a well-established and trusting relationship with customers, so when cybercriminals are looking for good trademarks to use in their email attacks they often brandjack banks.

Don't get scammed

If your company’s email accounts aren’t protected, emails like the one above are almost certainly being received by your staff.  Cybercriminals know people can be tricked; that’s why they send out millions of scam messages and put so much effort into making them look convincing.

People are not machines; we're all capable of making bad judgement calls. Without email filtering protecting your business, it’s just a matter of time before someone in your organisation has a momentary lapse of judgement and clicks on the wrong thing.

For a few dollars per staff member per month, you can protect your business with MailGuard's predictive email security.

Talk to an expert at MailGuard today about making your company's network secure: click here.

Stay up-to-date with new posts on the MailGuard Blog by subscribing to free updates. Click on the button below:

Keep Informed with Weekly Updates



Topics: Xero

Back to Blog


Something Powerful

Tell The Reader More

The headline and subheader tells us what you're offering, and the form header closes the deal. Over here you can explain why your offer is so great it's worth filling out a form for.


  • Bullets are great
  • For spelling out benefits and
  • Turning visitors into leads.

Recent Posts

Posts by Topic

see all