The phishing email tells recipients to click a link to reactivate their account.
But those who do are taken to a realistic copy of the NAB internet banking website, designed to harvest victims’ account ID and password.
The plain-text email contains the subject line ‘Notification’ and is sent from email@example.com.
It contains a directive to ‘Click here’ to activate the account, but the link points to a realistic duplication of the real NAB website.
The emails are forged from the address firstname.lastname@example.org.
MailGuard blocked the distribution of thousands of copies of the email this afternoon.
What’s the goal of a phishing website?
A phishing scam is a fraudulent attempt to steal your information or identity for financial gain.
In this case, the perpetrators want victims’ banking details.
Creating a fake website allows them to collect people’s account numbers and passwords without arousing suspicion.
That valuable information is collected and used to make future unauthorised transactions.
Tell-tale signs of phishing scams
- Generic greetings, such as ‘Dear customer’
- A sense of urgency
- Bad grammar or misuse of punctuation and poor-quality or distorted graphics
- An instruction to click a link to perform an action (hover over the link to see where you’re really being directed)
- Obscure sending addresses (for example, Hotmail, Gmail or Yahoo addresses should set alarm bells ringing)
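
The mechanically checkable items in the list above (greeting, urgency, click instruction, free-mail sender, and where a link really leads) can be turned into a rough triage check. The Python sketch below is an added example, not MailGuard's or NAB's code; the word lists, the free-mail set and the `nab.com.au` brand domain passed in are assumptions, and the sample message is constructed.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumed lists and patterns for illustration; tune them for your own mail flow.
FREEMAIL = {"hotmail.com", "gmail.com", "yahoo.com"}
BODY_SIGNS = {
    "generic_greeting": re.compile(r"\bdear (customer|client|user|member)\b", re.I),
    "urgency": re.compile(r"\b(immediately|urgent|suspended|reactivate)\b", re.I),
    "click_instruction": re.compile(r"\bclick (here|the link|below)\b", re.I),
}
URL = re.compile(r"https?://[^\s<>\"']+", re.I)


def host_matches(host, brand_domain):
    """True only for the brand domain itself or a genuine subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return host == brand_domain or host.endswith("." + brand_domain)


def phishing_signs(raw_message, brand_domain):
    """Return the tell-tale signs found in a raw plain-text email."""
    msg = message_from_string(raw_message)
    # Only text/plain parts are read; transfer-encoded bodies are not decoded here.
    body = "\n".join(p.get_payload() for p in msg.walk()
                     if p.get_content_type() == "text/plain")
    signs = []
    sender_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if sender_domain in FREEMAIL:
        signs.append("freemail_sender")
    signs += [name for name, rx in BODY_SIGNS.items() if rx.search(body)]
    for url in URL.findall(body):
        host = urlparse(url).hostname or ""
        if not host_matches(host, brand_domain):  # where the link really leads
            signs.append("link_off_brand:" + host)
    return signs


# Constructed sample message, not the email described on this page.
SAMPLE = """From: Account Team <constructed-sender@hotmail.com>
Subject: Notification

Dear customer,
Your account has been suspended. Click here to reactivate it immediately:
http://nab.com.au.login-check.example/ib
"""

if __name__ == "__main__":
    print(phishing_signs(SAMPLE, "nab.com.au"))
```

The host comparison is a suffix match on a dot boundary, so a hostname that merely starts with the brand name is still reported as off-brand.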
Advice from NAB on scams
NAB says it’s aware of a similar phishing email targeting customers.
“If you receive this type of email, please forward it to email@example.com and then delete it,” the NAB website advises.
For a few dollars per staff member per month, add MailGuard's cloud-based email and web filtering solution to your business security. You’ll significantly reduce the risk of new variants of malicious email entering your network.