Phishing scam targets Bendigo Bank customers
Bendigo Bank users are being targeted by scammers in a new phishing campaign. The scammers have tried a new twist on the old “urgent”-type phishing emails. This email suggests that the recipient can speed up an upgrade to Bendigo Bank’s online services if they click on a link and supply their banking details.
Figure A shows the email. Several of these emails were stopped by our spam email filters; this is one sample. The others are identical, save for the intended recipient. The subject line of the email reads “You have 1 new message” whilst the sender is listed as “Bendigo Online Services”.
The purpose of the email is to inform the recipient that Bendigo Bank is upgrading their online services. Apparently, the bank requires assistance from customers to expedite the upgrade. The recipient is advised to click on a link contained within the body of the email.
As phishing emails go, this one is moderately complex. It has what appears at first glance to be a valid link. However, mousing over the link shows that it does not lead to Bendigo Bank Adelaide (as the link text implies). Instead it leads to a realistic facsimile of the Bendigo Bank site. This fake website aims to collect a user’s online banking details, with the intent to commit fraud.
There are two other indications that this email is bogus. The email is not personalised; in fact, there is no salutation at all. A second indicator is the Bendigo Bank logo; it looks as though it has been squashed vertically. In particular, the circle that contains a stylised “B” (on the official Bendigo Bank page) looks like an ellipse on the email.
Bendigo Bank has posted a statement on their website concerning phishing emails; point two is apposite:
Never follow links to Bendigo e-banking from an email they have received.
The statement goes on to say that “customers should immediately be suspicious of any phone call, email or correspondence which asks them to disclose banking details.”