Whether you use a specific bank or not, you could be tricked into clicking a scam which is affecting Australians like you.
Cybercriminals will do whatever they can to help relieve you of any money you didn’t know you needed, and this week, the one that grabs us was sent to us by a reader, asking if this was real.
Here’s the screen shot, which shows a text purportedly from the NAB, which is interesting given the person in question told Pickr they weren’t an NAB customer.
That’s the first obvious sign that the text isn’t real, but the second comes from what follows the message: a link to a website that appears like it’s from the NAB, and yet isn’t. As a point, it’s been sent separately, which if a bank decided to send an SMS probably wouldn’t happen.
This already gives us an idea that this will be a “phishing” attempt, a technique which basically pretends to be something else in order to fish for your details by tricking you.
A fake banking site sits right in line with typical phishing tactics, though it can apply to almost anything, but there are some sure-fire ways to identify why this phishing attempt is downright foolish.
The spelling
Scammers don’t usually think about things like spelling, punctuation, or grammar, but localised banks will, and while the spelling is mostly right in this scam, it’s also not made for Australians.
How do we spell “authorised” in Australia?
It’s not with a “z”, as that’s how it’s used in America and some parts of Asia, telling us this wasn’t crafted by an Aussie bank. Not by a long shot.
The link
The biggest indicator that this is fraudulent comes from the link and how it works in relation to phishing.
As we said earlier, phishing is about pretending to be something else, forging an identity in order to steal others. This means the scammers will do what they can to make a website to trick you into thinking you’re at the real one, and this happens first with the domain, that URL you always see.
The real NAB banking website is at “nab.com.au”, which you can see for yourself if you type it into your browser. This fake one is claiming to be “nabmobile.org”, which is not the same.
This is pretty much one of the consistent things about phishing: it’s about trickery, and plays on the idea that you probably won’t be paying attention.
It’s very easy to build a scamming website that looks like a bank, too, even tricking you to enter security question details which could be used to break into other services and accounts you operate, but faking the website URL to be exactly what it’s supposed to be has to be done with something that appears similar, but isn’t real.
In this situation, the scammers were hoping “nabmobile.org” was close enough to trick you into thinking the NAB would have it as a website.
When in doubt, go to the banking website you know by typing in the URL and not clicking a link you receive, regardless of if you get the link through SMS text, email, or another website.
We’re talking about your finances here, people, so typing in the URL is the best way forward. Clicking a link will barely save you a second or two, and that second or two could save your proverbial.
The research
Even though we know this isn’t real, a little research can be your friend, too, and the government technology blogs will sometime even alert Aussies on major security issues and scams in the community, such as with this one that the Australian Communications and Media Authority (ACMA) reported on earlier in the year.
If you’re concerned by anything or you’re unsure, use your phone and dial the bank as seen on the back of your bank card, asking them if this is real or not.
There’s a good chance they’ll say no, and you can just delete the message and be done with it.
