HOW TO IDENTIFY SPAM AND PHISHING MESSAGES

Estimated reading time is 5 minutes.

Protecting yourself

We can all play a part in preventing cybercrime. The first step is learning to identify suspicious messages.

Identifying and managing spam

Spam refers to unsolicited junk emails that are sent to large numbers of people at once. Spam emails are typically advertising fake products or get rich quick schemes.

Don’t bother unsubscribing from spam emails; this just confirms to spammers that your email address works and that they should keep spamming you.

The most effective way of managing spam emails is to use your email settings to send these emails to your junk folder.

What is phishing?

Phishing (pronounced fishing) emails are more sinister than spam. They’re designed to trick you into providing personal information like:

• a mobile phone number
• usernames and passwords
• credit card details or bank details.

You’re in control with phishing emails

Criminals use email for the same reason legitimate business do, it’s a cheap way to get to a lot of people.

The phishing email you receive was probably sent to several thousand other people as well. You have the opportunity to outsmart these criminals by taking a few seconds to look for the signs that something is up.

Phishing emails often pretend to be from legitimate companies such as banks, courier companies, or government departments, and can contain links to fake websites.

These fake sites look very similar to the real ones, including ours, and are designed to trick people into entering their bank details.

Our Security team monitor the Internet for fake NAB websites and request to have them removed from the Internet to protect our customers.

Sometimes the emails will have an attachment that appears to be an invoice, or document. When you try to open the attachment, it installs malware on to your computer without your knowledge.

Ways to identify phishing emails

Using the example above, here are a few signs the email you received may be a phishing email.

Sender address

This might be unusual, misspelled or slightly different from the correct address, for example nab.com instead of nab.com.au.

Generic greetings and sign offs

Phishing emails are sent out to hundreds of people at once so use generic greetings and sign-offs.

Poor grammar and spelling

This can be a tell-tale sign, but it isn’t always the case. Remember, criminals can use spell check too.

Creating a sense of urgency

Phishing emails will often encourage you to click a link or download an attachment to avoid a problem to create a sense of urgency. Always read an email carefully before taking any action.

Suspicious links and fake websites

If you receive an email with a suspicious link, hover over the link with your mouse to see the actual web address the link leads to – it could lead to a fake website.

Malicious attachment

Often an attachment will appear to be a PDF, image or Office file, but when you try to open the document, it tries to run a program or script intended to infect your computer with malicious software.

SMS phishing

It’s not just email anymore. Cyber criminals are using other channels like SMS to conduct phishing. These fraudulent text messages use the same tactics as phishing emails, often pretending to come from a legitimate company.

Because text messages seem more personal, these messages are often not questioned in the same way as suspicious emails. Criminals are able to set the sender name of an SMS to anything they like. It’s the same as when you send a letter in the post; you can write whatever sender address you like on the back – it doesn’t have to be your real name or address. Sometimes criminals set the sender name as “NAB”, meaning that malicious SMS messages can appear in the same message thread as legitimate SMS messages.

Please see an example below.

This can be confusing - but trust your gut. NAB will never “suspend your account”, or send you a link to “verify your identity”. These messages are not a sign that NAB systems have been breached in any way– it simply means a criminal is impersonating our brand.

Always stop and think before clicking on a link in an SMS.

File sharing phishing

Increased use of file-sharing services such as Dropbox, Google Drive and OneDrive has led to an increase in fake emails pretending to be links to documents.

In reality, these emails contain links to lookalike file-sharing websites designed to steal your credentials, or download malicious software on to your computer.

What to do if you get 'phished'

If you suspect an email or text message, don't respond to requests for information and don’t click on any links or open attachments, even if there’s a sense of urgency.

If you receive a suspicious email or text message pretending to be from us, report it immediately to phish@nab.com.au.

As soon as we identify new scams and phishing activity, we publish warnings and examples on our website so you know what to look for.