
NAB helps remove 600 bogus websites trying to scam Aussies

NAB has cracked down on hundreds of fake websites attempting to dupe and scam Aussies.


External

This content is provided by an external author without editing by Finextra. It expresses the views and opinions of the author.

In 2024, NAB identified and assisted with the removal of almost 600 illegitimate websites trying to impersonate the bank or its products, as it ramped up its efforts to counter the prevalence of cyber threats and scams, and better protect customers.

It follows thousands of scam website takedowns ordered by ASIC in the same 12-month period.

Realistic-looking but phony websites are often used in phishing and investment scams to tempt people into sharing their banking and personal information, or to promise high windfalls from financial products or services.

 

A recent scam website impersonating NAB's Internet Banking platform. The website has a similar design, including photo and font, to the legitimate one. The biggest scam red flag is the URL.

NAB Head of Security Culture and Advisory Laura Hartley said criminals typically used three key methods when pushing fake websites:
1. Spoofed URLs: Web addresses which appear authentic but are slightly altered and difficult to distinguish from the real ones. Regularly used in text message, WhatsApp message or email phishing scams.
2. Urgency and fear tactics: Promotions pressuring people into quick decisions, such as limited-time offers or threats of account suspension which often arrive via email, text message or phone calls.
3. Fake endorsements: Use of fake testimonials or unauthorised use of brand trademarks or celebrity images to build credibility and commonly promoted across social media channels.

Ms Hartley said NAB remained focused on its fight against criminals as part of a bank-wide scam strategy and cyber security vigilance to help protect customers.

“On average, we request the take down of two malicious websites masquerading as NAB every day. Within hours of uncovering a fake site, we have added it to Google and Microsoft block lists, which alert customers to instances of bogus websites attempting to impersonate the bank,” she said.

“We need to make Australia a hard place for these criminals to operate in and that takes a national, coordinated response across banks, digital and social media companies and telcos.

“If anyone spots a fake website impersonating NAB, you can report it via our website at nab.com.au/security. Customers can also see the latest security alerts at nab.com.au/securityalerts.”

How to recognise the red flags of a fake website
• A website URL that doesn’t look quite right (eg extra letters, words, numbers or punctuation)
• Low quality website design, grammatical errors or unrealistic offers
• Investment opportunities that appear too good to be true
• Missing contact information or customer service details
• Being directed to it via a link in a text message that appears to come from 'NAB'.
