The NAB Bank's branding has been exploited by criminals in a new phishing fraud detected by MailGuard.
The email shown above appears to be a notification from the bank advising the recipient that their account “is now locked.”
The message contains several typical elements of a phishing email:
- use of a major brand name to inspire false trust; the “from” field shows “N.A.B.” as the sender,
- false urgency; telling the receiver their account is locked is designed to create a sense of anxiety,
- and the subject line; “protection against fraud” is meant to reassure the victim.
The elements above are meant to convince the phishing victim they are taking appropriate action by clicking on the links.
Although it claims to be a bank notification, this is not an exceptionally well-made phishing email; it displays several errors in the text formatting and sentence construction.
The links in this email direct the victim to a fake bank login page:
Unlike the email message, this phishing page is actually well designed and gives a superficial impression of authenticity.
If the phishing victim is unwary enough to enter their ID and password, they will be moved along to this page, which harvests their credit card details. With this much detailed information about their victim, it would be relatively easy for the criminals conducting this attack to fraudulently exploit their credit card.
On their website, NAB advises their customers; "if you have received a suspicious email or text message and have responded to it, please call 13 22 65 or contact your local branch immediately."
Share this alert:
Please help us warn people about this phishing attack by sharing it on your social media network.
— MailGuard (@MailGuard) August 20, 2018
What is "phishing?"
Phishing is the practice of tricking email recipients into revealing personal information that criminals can exploit for gain.
Phishing emails go to a wide group of random people; it’s like a fisherman casting a wide net to see what he can catch. The attackers know that not everyone will respond, but they know that if they send enough emails out somebody will probably take the bait.
A phishing attack message will typically include a link that will send the unwary victim to a fake login website. Once there, the user will be asked to enter username and password data which will be automatically captured by the phishing page.
Scammers use phishing pages to collect login credentials for email accounts, bank accounts, and a wide range of other online services.
Secure your inbox
Effective cybersecurity requires a multi-layered strategy. For a few dollars per staff member per month, add MailGuard's predictive email security. You’ll significantly reduce the risk of malicious emails, like the one above, entering your network.
Talk to an expert at MailGuard today about your company's cybersecurity needs: 1300 30 44 30
Stay up-to-date with new posts on the MailGuard Blog by subscribing to free updates. Click on the button below: