The National Australia Bank has been hit by another phishing scam.
The hoax email was hosted on a site in China, according to Websense, which tracked the attack on the bank’s Internet customers.
The email, purporting to be from the NAB’s Technical Department, read:
“The National Australia Bank Technical Department is performing a scheduled software upgrade to improve the quality of the banking services.
“By clicking on the link below you will begin the procedure of the user details confirmation (sic).
“These instructions are to be sent to the followed by all National Australia Bank clients (sic). We apologise for any inconvenience and thank you for cooperation (sic). National Australia Bank Technical Service."
While phishing attacks aimed at banks are nothing new, Websense country manager Joel Camissar, said the attack was particular sinister due to its being part of a “Rock Phishing kit".
“This attack was created by a Rock Phishing kit, which is a set of tools which is free for hackers to download and create more targeted attacks or to attack dozens of companies at the same time,” he said.
Camissar said the proof of this could be seen in the increasing sophistication of attacks and the proliferation of phishing websites web sites.
He said in 2004 there were some 198 unique phishing sites. By December 2005 this had grown to 51,481.
“The return on investment in phishing is phenomenal,” he said. “It cost sabout $160 to set up a phishing scam to send 10,000,000 emails a month. Even if only 0.001 percent of the emailed people respond, it nets about $125,000.”
The NAB could not be reached for this story.
NAB hit by phishing scam
By Tim Lohman on Mar 9, 2006 3:02PM