Email security vendor MailGuard has detected a phishing attack aimed at NAB customers.
Curiously, the bait message is "not an exceptionally well-made phishing email", according to MailGuard, whereas the fake website to which it lures the unwary is "actually well designed and gives a superficial impression of authenticity."
We think that's being generous: In our opinion, the email sticks out like a sore thumb. All the usual clues are there: failure to address the customer by name, a ‘From’ address that doesn't match the organisation, horrible typography, and spelling and punctuation errors.But as MailGuard points out, it also has some of the typical elements of scam emails, including an attempt to inspire a sense of urgency - "your N.A.B Card is now locked?".
If anyone is fooled by the email, the phishing site starts by collecting their NAB ID and internet banking password, and then asks for the victim's full name, date of birth, OSID, card number, expiration date, CVV and credit limit.Hello? The real bank already knows all this! Anyone falling for the scam has given the crooks enough information to make transactions using their credit card, even in situations where Verified By Visa or similar systems are used to help ensure that the card is being used by the accountholder.
NAB's advice is "If you have received a suspicious email or text message and have responded to it, please call 13 22 65 or contact your local branch immediately."
"NAB will never ask you to confirm, update or disclose personal or banking information via a link in an email or text message."
