National Australia Bank (NAB) has revealed that last year it removed around 600 illegitimate websites impersonating the bank or its products.

The Australian Securities and Investments Commission (ASIC) removed around 7,300 phishing and investment scam websites over the same period.

NAB said that realistic-looking websites are often used in phishing and investment scams to tempt people into sharing their banking and personal information.

These fake websites often promise high returns from financial products or services.

NAB advised its customers to look out for telltale signs, including fake endorsements by celebrities and urgency or fear tactics which pressure people into quick decisions by implying an offer is only available for a limited time.

Additionally, it said that consumers should be aware of ‘spoofed URLs’ or web addresses which appear authentic and are difficult to distinguish from real ones.

The bank warned these are often used in text messages or email phishing scams.
Laura Hartley, NAB’s head of security culture and advisory, said that on average the organisation takes down two malicious website each day, describing its strategy as a constant game of “whack-a-mole".

“We need to make Australia a hard place for these criminals to operate in and that takes a national coordinated response across banks, digital and social media companies and telcos all working closely together,” she added. “Within hours of uncovering a fake site, we have added it to Google and Microsoft block lists, which alert customers to instances of bogus websites attempting to impersonate the bank.”

Earlier this week, UK Finance urged the government to ensure that social media, technology and telecoms companies have a share in the cost of combatting fraud.

The British trade association, which represents 300 firms in the financial services industry, said that the move would send a clear signal to both global and domestic investors that the UK will become a “more stable and predictable environment” for financial services.

Dianne Doodnath, a spokesperson for UK Finance told FStech earlier this year that following the implementation of the PSR’s APP fraud scheme, it would be unjust for banks to solely bear the responsibility of addressing risks arising from the exploitation of systems and services on these platforms.

She instead emphasised the necessity of finding a more equitable distribution of the burden of protection and prevention more equitably.

---