Tag Archives: phishing

Warning issued over sophisticated banking scam

With so many phishing attacks and scams out there, you can never be too careful and that’s what some customers at one of Australia’s biggest banks have learned the hard way.

NAB has issued a warning to customers saying those who use online banking are being targeted with a sophisticated new phishing scam.

The email appears in customers’ inboxes and looks like it comes from ‘NAB internet banking’.

It then asks you to log into your account to verify your details.

Once you log in you are then directed to a new page where you are prompted to fill in personal details including contact details, account information and credit card details.

The email scam pretending to be from NAB. The email scam pretending to be from NAB.

Once you have completed the page, you are then redirected to the real NAB banking website and left none the wiser.

The whole thing looks very legitimate, but once you’re through with it the scammer has all your details including the bank login information, personal and contact details and credit card and account details — enough information to financially cripple some targets.

NAB told News Corp it was aware of the latest phishing scam and warned customers it would never ask for personal details via an email link.

The fake website that takes your details.The fake website that takes your details.

“NAB is aware of a current phishing email targeting customers requesting further information from customers to verify their account,” a spokesman said.

“NAB reminds customers that we will never ask them to verify your account details via a link in an email. We encourage our customers to be aware of suspicious emails and not to click links to suspicious websites.”

The scam email is apparently coming out of Spain, but until they manage to take it down customers are still at risk.

Cybersecurity firm Proofpoint is urging people to spread the message to warn anyone who could be at risk.

Remember, your bank will never ask you to verify your personal details via email.

Have you ever been targeted a scam? Do you bank with NAB?



Department of Motor Vehicles warns customers of past due ticket phishing scam in DC

Phishing Scam Related to DC Photo Enforcement Tickets

(WASHINGTON, DC) – The District of Columbia Department of Motor Vehicles is warning customers about a phishing scam to collect money from past due tickets. In an email from  info@localmailserver.info, customers are being told that they have a Notice of Unsatisfied Photo Enforcement Ticket. The notice also directs customs to click the link to “Lost Traffic Tickets.”  Anyone receiving this email should not click the link or reply with personal information.

Photo Enforcement tickets are mailed through the United States Postal Service to the address of record based on the tag number. Also, DC DMV mails the Notice of Unsatisfied Photo Enforcement Ticket, and it contains specific information on how to contest the ticket by submitting a request for adjudication. DC DMV only contacts customers via email if they have registered for DC DMV’s email ticket alert system. Then, they will receive an email notifying them to log into their account when there is a ticket update.

Customers who receive this email notice should report it to the Federal Trade Commission, which has detailed information for consumers on how to handle phishing scams.



People know they shouldn't click on links but do it anyway

Blatant nosiness is the reason why email users click on the links embedded within electronic messages, according to university researchers.

This new evidence, discovered in a study, throws into question the basic premise behind phishing. That presumption is that when an iffy email looks like it comes from a legitimate organization, but contains a link to a bogus website where financial details are guzzled by bad guys, that gullible people are being bamboozled by the apparent legitimacy of the email.

That’s in fact incorrect, computer science experts from Friedrich-Alexander-Universität in Germany believe. In reality, people are so curious that they will click on the link anyway. And that’s even though they know the link may be perilous.

Half of users click on hyperlinks that are sent from people they don’t know, the university discovered. But “most people know that emails and Facebook messages from unknown senders can contain dangerous links,” the researchers say in their press release.

“Many users still click on them,” it says. And it says it has evidence that not only are its findings correct, but also that some users deny they’ve done it.

The team sent 1,700 fellow students two batches of emails or Facebook messages using a fake sender name. The signatures were from “one of the 10 most common names for the target group’s generation.”

Both tranches of messages included a link to supposed images of a party the previous weekend. The first chunk used the recipients’ first names, and the second was generic, although that tranche included specific information about the event—it was a New Year’s Eve party, they were told.

Various Facebook accounts were also set up.

Overall 56 percent of email recipients and 40 percent of Facebook users clicked on the link. A follow-up questionnaire asking the recipients if they knew that clicking on links might be problematic revealed that over three-fourths of the respondents (78 percent) were aware of it.

“Seventy eight percent of participants stated in the questionnaire that they were aware of the risks of unknown links.” 

Why do they click?

When asked why they did it, the “large majority” indicated: “curiosity with regard to content of the photos or the identity of the sender.” Others’ justifications included that they’d been to a party the previous weekend, and more rationalized that they thought they knew the name of the sender.

Interestingly, the tally for those who admitted clicking on the innocuous little blue link did not match the totals of those who actually did the deed. Through a checking system, the scientists found that many more actually clicked the link (45 percent in one group) than those who said they did (20 percent in the same group).

The researchers, somewhat benevolently, think the mismatch might be “due to participants simply forgetting the message with the link after having clicked on it.” One might also guess they could be fibbing.

Users don’t pay attention

Computer users aren’t spending enough time attempting to identify phishing, a separate, unrelated study said in 2015. Using eye movement tracking and brain activity measurements, University of Alabama at Birmingham scientists say they discovered a lack of attentiveness, predominantly from people who were generally un-attentive in nature, which was causing phishing successes.

Real-time neural scanning could be a way to identify whether people were alert enough to open emails, those scientists suggested.

This article is published as part of the IDG Contributor Network. Want to Join?