Businesses warned of a malicious NAB email scam: Expert warns “unsophisticated” attacks can still hit you

SmartCompany, May 26, 2017

A simple email phishing attack impersonating big four bank NAB was reportedly sent to thousands of Australians yesterday [25 May], notifying them their account was disabled in an attempt to steal users’ banking details.

Mailguard reports the email was sent around on Thursday afternoon, stemming from a legitimate-looking email address, “discharge.authority@nab.com.au”.


The subject line included just the word “Notification”, and the email itself was nothing more than a four-line message telling customers their account had been “disabled”.

The malicious email then directed users to a website with a realistic-looking NAB login screen, inviting users to enter their NAB ID and password. The website included links to register for a NAB account and “forgotten password” prompts to boost the appearance of legitimacy.

The purpose of a phishing scam is to steal an unsuspecting user’s login details or personal data by posing as a legitimate company. Examples in the past have included emails appearing to be from Australia Post, Amazon, and Twitter.

In response, Fairfax reports NAB had successfully issued a takedown notice for the fake website, with a spokesperson saying “we remind customers, NAB will never ask you to confirm, update or disclose personal or banking information via email or text”.

On the bank’s website, it advises customers to forward any malicious emails to spoof[at]nab.com.au and then delete the email.