Mailguard has intercepted new criminal-intent emails that are designed to send victims to a fake St George Bank login page.
As can be seen in the screenshot of the email, the message is very brief and simply formatted.
The message shows the sender ID ‘St. George Bank,’ but the actual sender address domain is ‘uoguelph[dot]ca’, which clearly is not a St George domain.
The email states ‘please note that Your St.George Bank Account has been terminated’ and asks the recipient to click on a link to restore their account.
The message is not formatted in a way that resembles a real bank notification, which would probably alert a lot of recipients to be cautious. The scammers who created this message are relying on the urgency and shock value of the message to persuade people to click the link.
Anyone unwary enough to click on the link is taken to the screen above, which is a fake St George Bank login page. This page is on an unsecured domain, ‘belaloloca[dot]com[dot]br’; genuine bank login pages are hosted on secure domains, not generic websites like this one.
Unlike the email message, this login screen is quite a convincing fake, with realistic St George branding.
The fake login screen asks the scam victim to enter their bank login details (card number, security number and internet password) and then takes them to a second login page, pictured below:
This second screen titled ‘Internet Banking Verification’ asks for the victim’s date of birth, driver’s licence number and Medicare number.
These details are not requested by the authentic St George login procedure, but the criminals behind this scam want to harvest these personal details to make it easier for them to perpetrate identity theft against their victims.
This criminal-intent email is an example of brandjacking, a type of fraud that uses the well-known and trusted logos of big companies to win the trust of unsuspecting victims.
St George Bank has an advisory page where they offer advice on how to avoid fraud. St George offers this advice about email scams:
‘Some ways to spot a hoax email:
In the event that their customers receive fraudulent email, St George advises them to call the bank on 13 33 30 for advice.
Always hover your mouse over links within emails and check the domain they’re pointing to. If they look suspicious or unfamiliar, don’t open them.
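The two checks described in this post, comparing the sender display name with the actual sender domain and checking the domain a link points to, can also be run automatically over a message. The Python below is an added example, not code from MailGuard or St George; it assumes `stgeorge.com.au` is the bank's genuine domain, handles a single-part HTML message only, and uses a constructed sample with placeholder `.example` domains.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

# Assumption: brand keyword (letters only) -> domains the brand genuinely uses.
BRAND_DOMAINS = {"stgeorge": {"stgeorge.com.au"}}

# Constructed sample message; the .example domains are placeholders.
SAMPLE = """\
From: "St. George Bank" <notice@mail.university.example>
Subject: Account terminated
Content-Type: text/html

<p>please note that Your St.George Bank Account has been terminated</p>
<a href="http://shop.generic-site.example/stg/login.php">Restore account</a>
"""

def on_domain(host, allowed):
    """True if host equals an allowed domain or is a subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in allowed)

def claimed_brand(display_name):
    """Return the brand keyword found in the display name, ignoring punctuation."""
    norm = re.sub(r"[^a-z]", "", display_name.lower())
    return next((b for b in BRAND_DOMAINS if b in norm), None)

def check_message(raw):
    """Return (finding, domain) pairs for a message that claims a known brand."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    brand = claimed_brand(name)
    if brand is None:
        return []  # sender does not claim a brand we track
    allowed = BRAND_DOMAINS[brand]
    sender_domain = addr.rpartition("@")[2]
    findings = []
    if not on_domain(sender_domain, allowed):
        findings.append(("sender-domain-mismatch", sender_domain))
    body = msg.get_payload()  # single-part message: payload is the HTML text
    for url in re.findall(r'href=["\']([^"\']+)', body, flags=re.I):
        parts = urlsplit(url)
        host = parts.hostname or ""
        if not on_domain(host, allowed):
            findings.append(("link-off-brand-domain", host))
        elif parts.scheme != "https":
            findings.append(("link-not-https", host))
    return findings
```

The suffix match in `on_domain` requires a leading dot, so a lookalike host that merely begins with the bank's domain name is still reported as off-brand.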