NAB targets fraudulent websites in major cybersecurity push

National Australia Bank (NAB) has escalated its efforts to combat cyber fraud by targeting hundreds of fake websites designed to impersonate the bank's branding and defraud Australian customers.

Over the course of 2024, the bank successfully identified and helped dismantle nearly 600 of these deceptive sites, significantly bolstering its defenses against an increasing wave of cyber threats.

In 2024, scam reports in Australia decreased by 17.8% to 494,732, reflecting improved awareness and reporting, with financial losses dropping 25.9% to $2.03 billion, according to the National Anti-Scam Centre.

Common tactics in cyber scams unveiled

In their sophisticated approach to phishing, fraudsters have crafted websites that closely mimic the appearance of legitimate NAB pages, luring individuals to input personal and financial information.

Laura Hartley (pictured), NAB’s head of security culture and advisory, revealed the primary techniques employed by these criminals:

1. Spoofed URLs: These are web addresses that mimic authentic URLs, with minor alterations that are not easily noticeable. They are often circulated through phishing scams via email, text messages, or social platforms.
2. Urgency and fear: Scammers create a false sense of urgency, pushing potential victims to act quickly with offers that expire soon or threats of account suspension if immediate action is not taken.
3. Counterfeit endorsements: Fake testimonials and the unauthorised use of celebrity images or brand logos are strategically used to enhance the credibility of these fraudulent sites, commonly promoted across various social media channels.

NAB’s call for collective action

Highlighting the need for a comprehensive and unified approach to tackle these threats, Hartley stressed the importance of collaboration across the financial and tech industries to pre-emptively stop these crimes.

“It’s a constant game of whack-a-mole and it’s why we need a coordinated, national approach to stop the crime before it occurs,” she said.

Hartley stressed that the solution requires joint efforts not only from banks but also from digital media companies, social media platforms, and telecommunications providers to create a formidable barrier against cybercriminal activities.

Safeguarding customer interests

NAB, which recently sounded the alarm on the new pop-up SMS scam threat, has implemented robust measures to quickly identify and neutralise threats, including adding fraudulent sites to Google and Microsoft blocklists within hours of detection.

This rapid response mechanism is part of a broader strategy aimed at ensuring the safety of customer data and preventing financial losses due to scams.

Customers are encouraged to access NAB services securely through the official app or by directly typing the bank’s website into their browsers.

Any suspicious activity or imitation sites can be reported directly on NAB’s dedicated security webpage, where updates on the latest security threats are also provided.

Read the NAB report here.