I received this SMS today from +61 448 111 215

Your account is locked. Proceed with additional verification. https://online-banking-nab.com/.cgi

scam SMS text message

This is a scam. What are the clues?

  1. It’s from a random Australian mobile number. Banks don’t use mobile numbers to send messages.
  2. The domain looks like NAB but it is actually online-banking-nab as a dot com. Australian banks don’t use .com they use .com.au and don’t put dashes in their URLs
  3. The .cgi at the end (note that is dot CGI). This hides the directory on the server so the admin can’t see it in a casual scan.
  4. Legitimate Australian Bank’s messages contain much more additional information and mention what to do if you weren’t expecting this SMS

Even if an SMS passed those tests I still treat every SMS purporting to be from a bank as suspicious.

Luckily Google Chrome, Safari, iPhone Safari and Firefox have already blocked that Deceptive Site URL using Google Safe Browsing with a Deceptive Website Warning.

Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.