It looks like the series of banking-related email scams that MailGuard detected over the last month is far from over. Having imitated banks such as Westpac, ANZ and BankWest recently, cybercriminals have once again spoofed National Australia Bank (NAB) in a bid to steal users’ confidential information.
Sent via several different compromised accounts, this email scam uses the subject line ‘NAB: Check your last BPAY Payment status’. The body of the email message is well-formatted, and informs users that their last BPAY payment has been put on hold. To check their transaction history, they are advised to click on a link.
Here’s the screenshot of the email:
Unsuspecting recipients who click on the link to check their BPAY Payment status are led to a convincing-looking copy of the NAB login page. This is actually a phishing page:
Upon logging in, users are redirected to a security form which asks them to fill in several confidential details, including their credit card information.
Once the form is filled in, users are finally redirected to the actual NAB website.
As you can see from the screenshots above, cybercriminals have taken great pains to replicate official NAB landing pages, including the bank’s branding and logo, using high-quality graphical elements. All of this is done in an attempt to trick users into thinking the scam is legitimate.
It is also interesting to note that this email scam, ironically, uses a security feature (the form) to steal confidential information from users. This step is included because it adds to the sense of legitimacy evoked by the email. Precisely because such a focus on account safety is expected of a well-established bank, cybercriminals can elicit a more confident response from recipients, who believe they are securely accessing their accounts when they click the provided link and enter their confidential login details.
To reduce the risk of being tricked by one of these scams, you should immediately delete any emails that:
- Appear to be from a well-known organisation, typically a bank or service provider, are not addressed to you by name, and may include poor grammar.
- Ask you to click on a link within the email body in order to access their website. As a precautionary security measure, your bank will always ask you to go to their website directly by typing its URL into your web browser’s address field.
- Ask you to submit personal information that the sender should already have access to.
NAB offers a secure online and telephone banking service – if you are concerned about the legitimacy of any online communication you receive, please call them to confirm.
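The three warning signs listed above can be applied mechanically to an incoming message. The following script is an added example (not MailGuard code) that checks a constructed email modelled on this campaign for a brand name in the sender or subject that is not backed by the bank’s domain, a generic salutation, and links that lead away from the bank’s site; the legitimate domain `nab.com.au` and the sample addresses are assumptions.

```python
import email
import re
from email import policy
from urllib.parse import urlparse

# Constructed sample modelled on the scam described above (not a real capture).
SAMPLE = """From: "NAB" <alerts@compromised-example.invalid>
To: customer@example.com
Subject: NAB: Check your last BPAY Payment status
Content-Type: text/html

<html><body><p>Dear Customer,</p>
<p>Your last BPAY payment has been put on hold.</p>
<p><a href="http://nab-secure-login.example/transactions">Check your transaction history</a></p>
</body></html>
"""

LEGIT_DOMAINS = {"nab.com.au"}          # assumption: the bank's real domain
BRAND_RE = re.compile(r"\b(nab|bpay)\b", re.I)

def extract_links(html):
    """Return every href target found in the message body."""
    return re.findall(r'href=["\']([^"\']+)["\']', html, flags=re.I)

def off_domain(url, legit):
    """True when the link host is neither a legitimate domain nor a subdomain of one."""
    host = (urlparse(url).hostname or "").lower()
    return not any(host == d or host.endswith("." + d) for d in legit)

def score_message(raw, legit_domains=LEGIT_DOMAINS):
    """Apply the three warning signs; return the list of reasons that fired."""
    msg = email.message_from_string(raw, policy=policy.default)
    body = msg.get_body(preferencelist=("html", "plain"))
    text = body.get_content() if body else ""
    subject, sender = str(msg["Subject"] or ""), str(msg["From"] or "").lower()
    reasons = []
    brand = bool(BRAND_RE.search(subject) or BRAND_RE.search(sender))
    # Sign 1: bank branding in From/Subject, but the sender is not on the bank's domain.
    if brand and not any(d in sender for d in legit_domains):
        reasons.append("bank brand in From/Subject but sender domain is not the bank's")
    # Sign 1 (cont.): not addressed by name.
    if re.search(r"\bdear (customer|user|member|client)\b", text, re.I):
        reasons.append("generic salutation, recipient not addressed by name")
    # Sign 2: a link in the body that leads somewhere other than the bank's site.
    bad = [u for u in extract_links(text) if off_domain(u, legit_domains)]
    if brand and bad:
        reasons.append("link points off the bank's domain: " + ", ".join(bad))
    return reasons
```

A message that trips none of these checks returns an empty list, so the function can be used as a simple pre-filter before a more thorough review.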
Banks commonly hold a well-established and trusting relationship with their customers, so when cybercriminals are looking for good trademarks to use in their email attacks, they often brandjack banks.
MailGuard intercepted several other instances of cybercriminals brandjacking well-known banks such as BankWest just last week.
Stop email fraud
Cybercriminals know we can be tricked; that’s why they send out millions of scam messages and put so much effort into making them look convincing.
People aren't machines; we're all capable of making bad judgement calls. Without email filtering protecting your inbox, it’s all too easy to have a momentary lapse of judgement and click on the wrong thing.