A new email scam mimicking a Big Four bank is currently circulating around Australian inboxes, falsely informing recipients that their accounts have been disabled.
Purportedly to reverse the issue, the phishing email instructs users to click a link to reactivate their account. The link then loads a realistic copy of the National Australia Bank (NAB) internet banking website, designed to harvest victims’ account ID and password.
Carrying the subject line ‘Notification’, the plain-text email is sent from email@example.com and contains a directive to ‘click here’ to activate the account, but the link points to a duplicate of the real NAB website.
With the emails forged from the address firstname.lastname@example.org, security provider MailGuard blocked the distribution of thousands of copies of the email on the afternoon of 25 May.
“A phishing scam is a fraudulent attempt to steal your information or identity for financial gain,” MailGuard CEO Craig McDonald said.
“In this case, the perpetrators want victims’ banking details. Creating a fake website allows them to collect people’s account numbers and passwords without arousing suspicion.
“That valuable information is collected and used to make future unauthorised transactions.”
According to McDonald, tell-tale signs of phishing scams include generic greetings such as ‘Dear customer’ and a clear sense of urgency, alongside bad grammar or misuse of punctuation and poor-quality or distorted graphics.
In addition, McDonald said phishing emails can be identified through an instruction to click a link to perform an action - “hover over them to see where you’re really being directed”.
Obscure sending addresses, such as Hotmail, Gmail or Yahoo addresses, should also set alarm bells ringing for users.
NAB was quick to confirm the circulation, claiming that it’s aware of a similar phishing email targeting customers.
“If you receive this type of email, please forward it to email@example.com and then delete it,” the NAB website advised.