NAB spoofed once again in a legitimate-looking phishing email scam

Posted by Akankasha Dewan on 12 June 2019 16:39:54 AEST

It looks like the series of banking-related email scams that MailGuard detected over the last month is far from over. Having imitated banks such as Westpac, ANZ and BankWest recently, cybercriminals have once again spoofed National Australia Bank (NAB) in a bid to steal users’ confidential information.

Sent via several different compromised accounts, this email scam uses the subject line ‘NAB: Check your last BPAY Payment status’. The body of the email message is well-formatted, and informs users that their last BPAY payment has been put on hold. To check their transaction history, they are advised to click on a link.

Here’s the screenshot of the email:


Unsuspecting recipients who click on the link to check their BPAY Payment status are led to a convincing-looking copy of the NAB login page. This is actually a phishing page:

NAB login-1

Upon logging in, users are redirected to a security form which asks them to fill in several confidential details, including their credit card information.

NAB qns-1

Once the form is filled up users are finally redirected to the actual NAB website.

As you can see from all the screenshots above, cybercriminals have taken great pains to replicate official landing pages from NAB – including incorporating the bank’s branding and logo using high-quality graphical elements. All this is done in an attempt to trick the users into thinking the scam is legitimate.

It is also interesting to note that this email scam, ironically, uses a security feature (the form) to steal confidential information from users. This step is included as it serves to add on to the sense of legitimacy evoked by the email. Precisely because such focus on account safety is a common behaviour expected of such a well-established bank, cybercriminals can elicit a more confident response from recipients who think they are, in fact, securely entering into their accounts by clicking on the provided link and providing their confidential login details.    

To reduce the risk of being tricked by one of these scams, you should immediately delete any emails that:

  • Appear to be from a well-known organisation, typically a bank or service provider and are not addressed to you by name and may include poor grammar.
  • Ask you to click on a link within the email body in order to access their website – your bank will always ask you to go to their website directly by typing their URL into your web browser address field, as a precautionary security measure.
  • Ask you to submit personal information that the sender should already have access to.

NAB offers a secure online and telephone banking service – if you are concerned about the legitimacy of any online communication you receive, please call them to confirm.

Banks commonly hold a well-established and trusting relationship with customers, so when cybercriminals are looking for good trademarks to use in their email attacks they often brandjack banks.

MailGuard intercepted several other instances of cybercriminals brandjacking well-known banks such as BankWest just last week.

Stop email fraud

Cybercriminals know we can be tricked; that’s why they send out millions of scam messages and put so much effort into making them look convincing.

People aren't machines; we're all capable of making bad judgement calls. Without email filtering protecting your inbox, it’s all too easy to have a momentary lapse of judgement and click on the wrong thing.

For a few dollars per month, you can protect your inbox with MailGuard's predictive email security.

Talk to an expert at MailGuard today about making your email secure: click here.


Stay up-to-date with new posts on the MailGuard Blog by subscribing to free updates. Click on the button below:

Keep Informed with Weekly Updates




Topics: Phishing ANZ email fraud ANZ scam scam email Threat Update bank scam

Back to Blog


    Something Powerful

    Tell The Reader More

    The headline and subheader tells us what you're offering, and the form header closes the deal. Over here you can explain why your offer is so great it's worth filling out a form for.


    • Bullets are great
    • For spelling out benefits and
    • Turning visitors into leads.

    Recent Posts

    Posts by Topic

    see all