NAB removed nearly 600 fake websites and products in 2024

They use spoofed URLs, promotions that pressure quick decisions, and fake testimonials.

The National Australia Bank (NAB) said that it removed almost 600 illegitimate websites impersonating the bank or its products in 2024.

It follows thousands of scam website take downs ordered by ASIC in the same 12-month period.

The realistic-looking but phony websites often make use of three methods, says NAB Head of Security Culture and Advisory Laura Hartley.

First, the spoofed URLs and web addresses appear authentic but are slightly altered and difficult to distinguish from the real ones. This is regularly used in text messages, WhatsApp messages or email phishing scams.

It also features promotions pressuring people into quick decisions, such as limited-time offers or threats of account suspension which often arrive via email, text or phone calls.

These messages may also use fake testimonials or unauthorised use of brand trademarks or celebrity images to build credibility and are commonly promoted across social media channels.

“On average, we request the take down of two malicious websites masquerading as NAB every day,” Hartley said.

Within hours of uncovering a fake site, NAB had added it to Google and Microsoft block lists, which alerts its customers to instances of bogus websites attempting to impersonate the bank, she said.

“It’s a constant game of whack-a-mole and it’s why we need a coordinated, national approach to stop the crime before it occurs. Banks can’t do this on their own,” Hartley said.