NAB customers become the newest target of phishing scam

By on
A National Australia Bank (NAB) logo is pictured on an automated teller machine (ATM) in central Sydney September 12, 2014.
A National Australia Bank (NAB) logo is pictured on an automated teller machine (ATM) in central Sydney September 12, 2014. Reuters/David Gray/File Photo

NAB account holders have become the most recent target of an email scam that tells victims their account has been disabled. Recipients were prompted to a fake NAB banking website designed to harvest the customers’ account IDs and passwords.

On Thursday night, NAB declared that the fake site has been removed. A spokesperson for the bank said that NAB issued a take-down notice after it learned about the scam.

"We remind customers, NAB will never ask you to confirm, update or disclose personal or banking information via email or text," Sydney Morning Herald quotes the NAB spokesperson as saying. The fraud email came with a subject line “Notification” using the email address

NAB is now warning customers about the scam through its website, advising them to forward the email to then have it deleted. Those who have fallen victim to the scam are advised to call 13 22 65 or contact their local NAB branch immediately.

Phishing scam

The statement was confirmed by MailGuard CEO Craig McDonald. The company has stopped the distribution of thousands of copies of the email on Thursday afternoon. McDonald explained that a phishing scam is designed to steal information or identity for financial gain. For this case, hackers tried to steal the customers’ banking details.

By creating a fraudulent website, McDonald said perpetrators can collect customers’ account numbers and passwords without arousing suspicion. Perpetrators use the banking information they harvest to make future unauthorised charges.

According to McDonald, one way to identify phishing scams is if it uses generic greetings like “Dear customer” and is implying an obvious urgency. Emails scams are usually written in bad grammar. Punctuation is often misused, and graphics are distorted.

In addition, he warned that phishing emails can be identified through an instruction to click. Obscure sending addresses from Hotmail, Gmail and Yahoo may also serve as alarms bells.

Combo David Markus founder David Markus told SmartCompany that launching a fake website is a matter of “a few hours work” for a cyber criminal. He explained that once the site has been created, a criminal can then create several copies of web servers and run the phishing attack several times.

“Phishing attacks have become a numbers game, with hackers looking for the cheapest and most efficient way to get dollars out of our bank accounts, and it’s all about the number of people they catch,” he said. Markus added that for cyber criminals, it’s a good day if they make $100.

Read More: 

Xinja emerges as potential startup bank after federal budget reforms

Topshop Australia enters voluntary administration; Sir Philip Green's Arcadia takes over

KOCO 5 News/YouTube