Fake Online Banking Alert issued
Today’s phishing email is not masquerading as a PayPal email. Today’s phishing email is targeting National Australia Bank (NAB) online users. The phishing email uses a fake Online Banking Alert to trick users. However, no such alert has been issued. This email is a scam.
We have reproduced the email in Figure A. The subject line is “Online Banking Alert”. The sender of the email is ”NAB Bank”. There is a typical NAB logo fixed top the left hand corner of the email. The greeting used is “Online Banking”. The email consists of four sentences. There is one link with the anchor text “Sign on”. A copyright notice of sorts is at the foot of the email.
Once again, the email claims that verification of the user’s account is required. The verification is mandatory, according to the email. If the user does not comply, account deactivation follows. The email advises to proceed with account verification immediately. As mentioned, a link is provided.
The email uses the guise of an online banking alert to pressure the recipient. It’s a basic social engineering trick. Many people are conditioned to respond to an alert.
This email is a scam. There are three red flags that the email is bogus. The first sign is the greeting. It is a generic greeting. Banks will use your name in an email. There is a big giveaway in the spelling of mandatory. It is a typo.
Going further, there are several grammatical errors. Finally, the link is not an NAB link. When we checked, the link was to an IP address. Not even to a domain name. The site linked to is a copy of the NAB site. It seeks to steal user login credentials.