Phishing emails targeting NAB customers
NAB customers are once again being targeted with phishing emails that attempt to steal the user’s login id and password, as well as credit card information. The type of email crafted by the attackers is designed to pressure the recipient into responding.
The email has the subject line “NAB: Your account is under verification” or similar. Ostensibly, the email is to alert the customer that their “NAB Internet Banking Account details need to be updated”. The email implies that the customer’s account has been restricted. When the customer updates their details, the restriction will be lifted.
Contained in the email is a link, supposedly to allow customers to verify their account. The email ends with a warning that a failure to verify their account “will lead to online service suspension”. The email is reproduced in Figure A.
This particular email uses time pressure to try to trick the recipient into clicking on the link. The implication is that the customer’s account will be suspended, until they verify their details. The link itself leads to a phishing site.
This phishing site is designed to steal the user’s login ids and passwords, along with (potentially) credit card details. Unfortunately, the Christmas season also appears to be the signal for an uptick in these types of phishing emails.
Most banks have a section on their website detailing their online security stance. NAB is no different; in the Security section of their website is a statement that reads:
NAB will never ask you to disclose your password via email. NAB Internet banking matters will only be communicated electronically via the secure messaging facility within Internet Banking.
Note that this email phish has been reported to the NAB.
When receiving unsolicited emails, don’t download any attachments and don’t click on any links unless you can verify that the email is legitimate.