Commonwealth Bank of Australia and ABS Bank customers targeted

Mar 11, 2013 23:11 GMT

Cybercriminals continue to send bogus NetCode notifications in an attempt to trick the customers of Australian and New Zealand financial institutions into handing over their personal and financial details.

Entitled “NetCode Security Alert!” or “NetCode Security Notification!,” – depending on the bank whose customers they’re targeting – the latest emails read something like this:

“Dear customer,

Your Netcode Security has been disabled is an extra level of security used to double-check that it’s really you making transactions online. You are hereby advised to follow the Link below to Re-activate your Netcode Security token.

Click Here To Enable Netcode Security”

The variant spotted by millersmiles.co.uk is addressed to Commonwealth Bank of Australia customers, but New Zealand’s Department of Internal Affairs is warning ABS Bank clients of similar scams.

Users who fall for the trick and click on the links contained in the emails are taken to a website which hosts a webpage that almost perfectly replicates the targeted bank’s login page.

Once victims enter their client numbers and passwords, they’re presented with a second form which requests additional information such as name, phone banking password, date of birth, mother’s maiden name, driver’s license number, driver’s license expiry date, debit card number, card expiry date, email address, and email account password.

There are some noteworthy things about these phishing scams. First of all, more than one compromised site is utilized.

When victims click on the links from the emails, they’re taken to one site (in this case a Romanian bike shop), which redirects them to a second website where the phishing pages are hosted.
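One way to triage such a message on the defender's side, as an added example that is not from the original article: it flags NetCode-themed emails whose links, followed through recorded redirects, end on a host outside the bank's domains. The `bank.example` domain, the other hosts, the sample email and the redirect map are constructed placeholders.

```python
import re
from email import message_from_string
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumptions: bank.example stands in for the bank's real domains; all hosts are constructed.
BANK_DOMAINS = {"bank.example"}
LURE_SUBJECT = re.compile(r"netcode security (alert|notification)!", re.I)

class LinkCollector(HTMLParser):
    """Collects the href of every <a> tag in an HTML body."""
    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.links.append(href)

def host_of(url):
    return (urlsplit(url).hostname or "").lower()

def is_bank_host(host):
    return any(host == d or host.endswith("." + d) for d in BANK_DOMAINS)

def follow(url, redirects, limit=5):
    """Walk recorded redirects (e.g. taken from proxy logs) and return the hosts visited."""
    hops = [host_of(url)]
    while url in redirects and len(hops) <= limit:
        url = redirects[url]
        hops.append(host_of(url))
    return hops

def triage(raw_email, redirects):
    """Return one finding per link in a NetCode-themed email that ends off the bank's domains."""
    msg = message_from_string(raw_email)
    if not LURE_SUBJECT.search(msg.get("Subject", "")):
        return []
    collector = LinkCollector()
    collector.links = []
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            collector.feed(part.get_payload(decode=True).decode(errors="replace"))
    return [{"link": link, "hops": hops, "relayed": len(set(hops)) > 1}
            for link in collector.links
            for hops in [follow(link, redirects)] if not is_bank_host(hops[-1])]

# Constructed sample: a lure email whose link hits one site that redirects to a second.
SAMPLE_EMAIL = ("Subject: NetCode Security Alert!\nContent-Type: text/html\n\n"
                '<a href="http://shop.example/go">Click Here To Enable Netcode Security</a>\n')
SAMPLE_REDIRECTS = {"http://shop.example/go": "http://pages.example/login"}

if __name__ == "__main__":
    print(triage(SAMPLE_EMAIL, SAMPLE_REDIRECTS))
```

A finding with `relayed` set to true means the link passed through an intermediate host before reaching the final page, which is the two-site pattern described above.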

Similar emails were spotted back in February. However, at the time, the fake notifications informed recipients that their NetCode SMS authentication systems had been disabled.

Internauts are advised to avoid websites that request personal or financial information. Remember that your bank would never ask you to reveal your passwords or PINs.

In case you’re a victim of these schemes, immediately contact your financial institution.

[Image: Commonwealth Bank of Australia phishing site]