The banking industry in Australia has been subject to various email scams designed to compromise customer’s online user credentials or personal information, in order to illegally obtain and transfer funds overseas.
These unsolicited emails are sent in high volumes to random email addresses in the hope that they will find banking customers.
We are working with other banks, Australian High Tech Crime Centre (AHTCC) and other external bodies within the industry to stop this fraudulent activity. You can also visit the Scamwatch website to learn about scams and how to protect yourself.
Act quickly and contact us on 1300 651 656 if you think you have been affected.
There are generally two types of emails.
1. Phishing emails - these spoof emails appear to come from a bank and generally contain a link to a fraudulent website which looks identical to the genuine site. Recipients of these emails are requested to login to NAB Internet Banking and enter personal information such as NAB ID or log in password. Details entered into a fraudulent web site can then be used on the real website to commit fraud.
2. Virus or trojan emails- these generally come from senders unknown to you and contain links or attachments that may download and install malicious software (malware) onto your computer. The subject and wording of the emails are often designed to be sensational or provocative to try and get you to urgently act on the message. (For example by claiming that you have just placed an order for an online purchase or the Prime Minister is dead).
If you act on the email, the malware will try to install itself automatically on your computer, although the success of this will depend on whether the appropriate software security updates have been installed. The malicious software is designed to capture any information that you enter into online services such as internet banking, and send it back to a criminal who can use it for the purpose of fraud.
Some sophisticated malware can also turn off your security software and may capture other personal information like name, address or date of birth as it’s entered into online forms on eBay, in web mail or other online purchases.
If you receive unsolicited emails, don’t click on any links, open attachments or enter any personal information. We won’t send emails requesting you to login to online services like NAB Internet Banking and will never ask you to disclose your passwords via an email.
Hoax email scams are often also connected with employment scams designed to illegally launder money. Once a customer’s credentials have been compromised by a hoax email, the money is transferred to another Australian bank customer’s account which belongs to a financial agent or “mule”. This person is also being scammed and usually completes the laundering by wiring the funds to the criminals.
Mules are recruited by criminals posting fake job advertisements on Australian web sites or by sending unsolicited emails containing an offer of employment. The advertisements are from fictitious foreign companies looking for people to receive domestic funds and on-forward them to a specified overseas recipient. The advertisements usually claim to offer high salaries for little work and typically only require that you’ve a computer and a bank account. Remember that if it sounds too good to be true it probably is.
Please visit www.scamwatch.gov.au to learn how to protect yourself, and to find out about other scams.