Akankasha Dewan 23 February 2021 18:23:41 AEDT 4 MIN READ

Warning: ‘Account verification’ email impersonating NAB delivers phishing attack

National Australia Bank (NAB) has once again been impersonated by cybercriminals in a phishing email scam designed to steal users’ confidential data.

Titled ‘Notification !’, the malicious email uses a display name of ‘NAB’. However, the domain used in the sender email address provided in the email’s ‘From:’ field doesn’t belong to the bank – a red flag pointing to the email’s illegitimacy. It actually originates from a mass mailer. The email body contains NAB’s logo. It informs users to complete the bank’s ‘account verification process’ in order to help safeguard their information. A link is provided for users to ‘Log on to Internet Banking’.

Here’s what the email looks like:


Unsuspecting recipients who click on the link are led to an intermediary tracking link, and then to a fake NAB-branded login page asking for their bank ID and password, as per the below:


As you can see from the screenshot above, the page includes NAB’s logo and branding. However, the domain used in the page’s URL doesn’t belong to the bank. This is actually a phishing page. Once users ‘log in’, their login details are harvested for future use. Users are then led to similar NAB-branded pages designed to steal their confidential data, including their credit card details, phone numbers and ID, as per the below screenshots:




The purpose of this phishing scam is to harvest the login credentials of NAB customers so the criminals behind this scam can break into their bank accounts. By typing in your account number and password, you’re handing this sensitive account information to cybercriminals.

If you also confirm your identity by uploading an official ID document, it allows them to attempt other fraudulent actions, such as committing identity theft and trying to access your accounts.

As you can see from all the screenshots above, cybercriminals have taken great pains to replicate official landing pages from NAB – including incorporating the bank’s branding and logo using high-quality graphical elements in the phishing pages. All this is done in an attempt to trick the users into thinking the scam is legitimate.

It is interesting to note that the body of the scam email ironically, uses a safety measure to trick recipients into revealing their details, i.e. asking them to verify their account as part of the bank's 'commitment' keeping users 'safe online'. This only adds on to the sense of legitimacy evoked by the email as updates on account safety are common safety features expected of such a well-established bank. All this serves to elicit a more confident response from recipients who think they are, in fact, making their accounts more secure by clicking on the provided link and entering their confidential login details.

Despite these techniques, eagle-eyed recipients of this email would be able to spot several red flags that point to the email’s in-authenticity. These include the fact that the email doesn’t address the recipient directly, and that it contains spelling and spacing errors (like ‘Important Inform anon’ and 'Notification !').

Banks commonly hold a well-established and trusting relationship with customers, so when cybercriminals are looking for good trademarks to use in their email attacks, they often brandjack banks. MailGuard has intercepted several email scams impersonating NAB over the years, including this one claiming users’ cards are put on hold, and this one claiming users’ NAB account has been temporarily restricted.

NAB offers a range of information online on identifying phishing and spam messages – if you are concerned about the legitimacy of any online communication you receive, the bank suggests reporting it immediately to phish@nab.com.au.

As a precaution, MailGuard urges you not to click links within emails that:

  • Are not addressed to you by name.
  • Appear to be from a legitimate company but use poor English, or omit personal details that a legitimate sender would include.
  • Are from businesses that you were not expecting to hear from.
  • Take you to a landing page or website that is not the legitimate URL of the company the email is purporting to be sent from. 


One email is all that it takes

All that it takes to break into your business is a cleverly-worded email message. If scammers can trick one person in your company into clicking on a malicious link they can gain access to your data.

For a few dollars per staff member per month, you can protect your business with MailGuard's predictive and advanced email security.

Talk to a solution consultant at MailGuard today about securing your company's network.

Why not stay up-to-date with MailGuard's latest blog posts by subscribing to free updates? Subscribe to weekly updates by clicking on the button below.

Keep Informed with Weekly Updates