I received this SMS today from +61 448 111 215
Your account is locked. Proceed with additional verification. https://online-banking-nab.com/.cgiscam SMS text message
This is a scam. What are the clues?
- It’s from a random Australian mobile number. Banks don’t use mobile numbers to send messages.
- The domain looks like NAB but it is actually online-banking-nab as a dot com. Australian banks don’t use .com they use .com.au and don’t put dashes in their URLs
- The .cgi at the end (note that is dot CGI). This hides the directory on the server so the admin can’t see it in a casual scan.
- Legitimate Australian Bank’s messages contain much more additional information and mention what to do if you weren’t expecting this SMS
Even if an SMS passed those tests I still treat every SMS purporting to be from a bank as suspicious.
Luckily Google Chrome, Safari, iPhone Safari and Firefox have already blocked that Deceptive Site URL using Google Safe Browsing with a Deceptive Website Warning.