NAB Customers Targeted in new Phishing Email Scam

Posted by MailGuard on 13 January 2022 16:31:59 AEDT

National Australia Bank (NAB) has once again been impersonated by cybercriminals in a phishing email scam designed to steal users’ confidential data.

 

Customers should be wary of an email titled “Please review your account” claiming that their debit card has been blocked.

 

Intercepted by MailGuard, this new phishing scam advises customers that their “debit card has been temporarily blocked” and that “online payments and cash withdrawals can’t be made until the issue is resolved.” To create a sense of urgency, the email also asks to “confirm your details within the next 48 hours.”

 

Sent from “NAB”, the sender name is spoofing National Australia Bank with the actual sender address of “oren(at)orentzo(dot)co(dot)il”, and an email subject reading, “Please review your account”.

 

In this case the scammers have added a degree of sophistication by varying the sender email addresses. Using different SendGrid email addresses i.e. airmaster(dot)com(dot)au(at)sendgrid(dot)net or lynchgroup(dot)com(dot)au(at)sendgrid(dot)net, the scammers aim to avoid being be blocked by email security services.

 

Here’s what the email looks like: 

NAB-email-masked-01

 

When a customer clicks on the “Confirm” link, they are taken to a login page (pictured below) that requests their “NAB ID” and ‘Password’. The suspicious looking phishing page is hosted at https://dynamosinvestigators(dot)com(dot)ng.

NAB-internet-banking-sign-in-masked-01

Once these details have been submitted, users are taken to a page asking to “Confirm your identity” by entering full name and debit card details.  

NAB-internet-banking-confirm-identity-masked-01

 

Following this, users are directed to a page titled “Billing Details” requesting their address and phone number.

NAB-internet-banking-billing-details-masked-01

Next, users are taken to an SMS verification page. The page asks for a ‘PIN’ which has been sent to the mobile phone number provided, mimicking an authentic OTP security process. This technique is often used by cybercriminals to feign authenticity.  

.

NAB-internet-banking-verification-masked-01

 

The final step in the scam, is a ‘Thank You!’ page claiming that “Your card is now unlocked” and can be used anywhere.

NAB-internet-banking-thankyou-masked-01

Financial institutions are always a popular target for scammers, their trusted brands and large customer bases make them an appealing target. Earlier this month MailGuard blocked and reported a similar scam impersonating BOQ.

 

As you can see from the screenshots above, cybercriminals have taken great pains to replicate official landing pages from NAB – including incorporating the bank’s branding and logo using high-quality graphical elements in the phishing pages. All this is done to trick users into thinking the scam is legitimate.

 

However, there are many red flags in the email including the “from” address not matching NAB’s domain name and the address in the email footer is not an Australian address, where NAB is based.

 

If you suspect that you have received a scam email pretending to be from NAB, the bank suggests forwarding it to phish@nab.com.au

 

They advise that"NAB will never suspend your account or send you a link to verify your identity”.

 Further details can be found on their Online Safety Tips page here:  https://www.nab.com.au/about-us/security/online-safety-tips/identify-spam-phishing-messages

MailGuard strongly recommends all recipients of this email to delete it immediately without clicking on any links. Providing your personal details can result in your sensitive information being used for criminal activity and may have a severe negative impact on your business and its’ financial well-being.    

MailGuard urges users not to click links or open attachments within emails that:      

  • Are not addressed to you by name.      
  • Appear to be from a legitimate company but use poor English or omits personal details that a legitimate sender would include.      
  • Are from businesses that you were not expecting to hear from, and/or      
  • Take you to a landing page or website that is not the legitimate URL of the company the email is purporting to be sent from.     

One email is all that it takes     

All that it takes to devastate your business is a cleverly worded email message that can steal sensitive user credentials or disrupt your business operations. If scammers can trick one person in your company into clicking on a malicious link or attachment, they can gain access to your data or inflict damage on your business.     

For a few dollars per staff member per month, you can protect your business with MailGuard's predictive and advanced email security. Talk to a solution consultant at MailGuard today about securing your company's inboxes.  

Stay up-to-date with MailGuard's latest blog posts by subscribing to free updates. Subscribe to weekly updates by clicking on the button below.  

Keep Informed with Weekly Updates

 

Topics: Phishing Email Security email filtering email scam NAB Cybersecurity NAB scam scam alert fastbreak

Back to Blog

Comments:


    Something Powerful

    Tell The Reader More

    The headline and subheader tells us what you're offering, and the form header closes the deal. Over here you can explain why your offer is so great it's worth filling out a form for.

    Remember:

    • Bullets are great
    • For spelling out benefits and
    • Turning visitors into leads.

    Recent Posts

    Posts by Topic

    see all