Clients of one of Australia’s four biggest banks have been targeted by online scammers hoping to damage their reputation and steal their confidential information.
The latest scam was found by email security firm MailGuard, which uncovered many different scam centres pretending to be NAB.
Here’s how it works:
Clients receive an email meticulously crafted to look like an official NAB email by copying the source code. It’s virtually impossible to tell the difference just by looking at the emails alone.
The email comes with a worrisome title, prompting the user to open the email and find that their “previous BPAY payment” was “put on hold”.
Of course, this is not the case. They are merely saying this to get you worried.
The scam email advises the possible victim to click on a given link to verify their transaction history to make sure the payment can be processed.
Unsuspecting recipients who click on the link to look at their BPAY Payment standing are directed to yet another meticulously crafted copy of the NAB login page.
This is, in fact, a phishing page.
This phishing page has nothing to do with NAB at all and is completely set up by the scammer.
Upon entering their information, the fraudulent login page then redirects to a safety form which asks clients to fill in many confidential details, including their credit card info.
Any information entered up until this stage is passed over to cybercriminals. This means passwords, addresses, names, credit card details, phone numbers, and other seemingly useless information like the name of your first pet (which can be used to bypass security questions).
After they enter all this information, the phishing site redirects them to the real NAB site.
To defend yourself against phishing scams:
Look out for several telltale signs:
- The email is not from the official NAB domain (…@NAB.com.au); if it’s anything @gmail.com, it’s instantly a scam.
- Check your banking app for pending payments. (You may have pending payments if you’ve used your card recently, so don’t be surprised.)
- Check the link before clicking to see if it brings you to the actual NAB site (NAB.com.au). Take extra caution to make sure it’s not “NAB.com”, “NAB.au” or “NAB.net”, for example.
- Find NAB’s number via their site and call them to confirm this pending payment. Do NOT use the number provided in the potential scam email.
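
The link check from the list above can be automated for an HTML email body. The following is an added example, not part of the original article or any NAB or MailGuard tooling; it goes slightly beyond the listed lookalikes by also catching links where the official name is only a prefix or sits before an "@". The function names and the sample email are constructed for illustration, and it assumes only nab.com.au and its subdomains count as official.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

OFFICIAL_DOMAIN = "nab.com.au"  # the official domain named in the article


def is_official_host(url: str) -> bool:
    """True only for http(s) links whose host is nab.com.au or a subdomain."""
    try:
        parts = urlsplit(url.strip())
        # .hostname drops any "user@" prefix and port, and lower-cases the host.
        host = (parts.hostname or "").rstrip(".")
    except ValueError:  # malformed URL: treat as not official
        return False
    if parts.scheme not in ("http", "https"):
        return False
    # Exact match or dot-separated suffix, so "fakenab.com.au" does not pass.
    return host == OFFICIAL_DOMAIN or host.endswith("." + OFFICIAL_DOMAIN)


class LinkCollector(HTMLParser):
    """Collects every href found in <a> tags of an HTML email body."""
    def __init__(self):
        super().__init__()
        self.links = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            href = dict(attrs).get("href")
            if href:
                self.links.append(href)


def suspicious_links(html_body: str) -> list[str]:
    """Return the links in an email body that do not lead to the official domain."""
    collector = LinkCollector()
    collector.feed(html_body)
    return [link for link in collector.links if not is_official_host(link)]


# Constructed sample email body (not taken from the real scam email).
SAMPLE_EMAIL = """
<a href="https://www.NAB.com.au/personal">NAB home</a>
<a href="https://nab.com/verify">Verify transaction history</a>
<a href="https://nab.com.au.login.example/verify">Verify</a>
<a href="https://nab.com.au@login.example/verify">Verify</a>
<a href="https://fakenab.com.au/login">Log in</a>
"""

if __name__ == "__main__":
    print("\n".join(suspicious_links(SAMPLE_EMAIL)))
```

A link that passes this check only has the right host; the sender address and the displayed link text can still be forged, so the other checks in the list still apply.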