In this post, I’ll analyse a phishing attack we recently encountered in the wild targeting NAB (National Australia Bank). It combines two phishing techniques: “The Phishing Collage” (you can read about it in a previous post) and a new technique we call the “Defence Logo”, which I describe here.

The Attack

Below is a screenshot of the site pretending to be a NAB Internet Banking site and trying to steal credit-card credentials.

As described in a previous post, the attackers use the “phishing collage” technique, and the entire website is one background image and six forms. Here is a screenshot of the HTML:

The new technique the attackers use here is the “Defence Button”: part of the background image is a copy of the “NAB Defence” button.

Now you may ask yourself, “what is the ‘NAB Defence’ button?” I asked myself the same thing, and here is the answer (straight from NAB’s official website):

“Wherever you see the NAB Defence logo, you’ll be protected against fraud” – This is completely untrue. A logo is a static image that anyone can copy, so its presence proves nothing about who operates the page; worse, it teaches customers to treat the logo as a sign of safety. Phishing attacks are all about winning the victim’s trust, and a copied “Defence Button” inside a phishing collage increases that trust dramatically, which makes the attacker’s life easier.
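From the defender’s side, the collage structure itself is the tell: a credential page whose visible content is one image, with a handful of form inputs positioned over it and almost no real text. The “Defence” logo changes nothing for this check, because it is just more pixels in the same image. Below is an added example of that heuristic, written for this post; it is not PhishProtect’s code and not the attacker’s HTML. The two HTML documents are constructed samples, and the thresholds (150 characters of text, two findings to flag) are assumptions chosen for illustration.

```python
"""Heuristic detector for "phishing collage" pages (constructed example)."""
from dataclasses import dataclass
from html.parser import HTMLParser


@dataclass
class PageStats:
    text_chars: int = 0           # visible text outside <script>/<style>
    images: int = 0               # <img> tags
    background_images: int = 0    # inline style with background ... url(...)
    forms: int = 0
    inputs: int = 0               # non-hidden <input> fields
    absolute_positioned: int = 0  # elements styled position:absolute/fixed
    password_fields: int = 0


class CollageScanner(HTMLParser):
    """Walk the HTML once and collect the counts the heuristic needs."""

    def __init__(self):
        super().__init__()
        self.stats = PageStats()
        self._skip_depth = 0  # > 0 while inside <script> or <style>

    def handle_starttag(self, tag, attrs):
        a = {k.lower(): (v or "") for k, v in attrs}
        style = a.get("style", "").lower().replace(" ", "")
        if tag in ("script", "style"):
            self._skip_depth += 1
        elif tag == "img":
            self.stats.images += 1
        elif tag == "form":
            self.stats.forms += 1
        elif tag == "input":
            kind = a.get("type", "text").lower()
            if kind != "hidden":
                self.stats.inputs += 1
            if kind == "password":
                self.stats.password_fields += 1
        if "position:absolute" in style or "position:fixed" in style:
            self.stats.absolute_positioned += 1
        if "background" in style and "url(" in style:
            self.stats.background_images += 1

    def handle_endtag(self, tag):
        if tag in ("script", "style") and self._skip_depth:
            self._skip_depth -= 1

    def handle_data(self, data):
        if not self._skip_depth:
            self.stats.text_chars += len(data.strip())


def scan(html: str) -> PageStats:
    parser = CollageScanner()
    parser.feed(html)
    parser.close()
    return parser.stats


def collage_reasons(stats: PageStats, min_text: int = 150) -> list:
    """Return the findings that point at a collage; empty list = nothing odd."""
    reasons = []
    if stats.inputs == 0:
        return reasons  # no fields to harvest, so not a credential page
    if stats.text_chars < min_text:
        reasons.append(f"only {stats.text_chars} chars of text for {stats.inputs} inputs")
    if stats.background_images + stats.images >= 1 and stats.absolute_positioned >= stats.inputs:
        reasons.append("inputs are absolutely positioned over an image")
    if stats.forms > 1 and stats.password_fields:
        reasons.append(f"{stats.forms} separate forms feeding credential fields")
    return reasons


def looks_like_collage(html: str) -> bool:
    # Assumption: two independent findings are enough to flag the page.
    return len(collage_reasons(scan(html))) >= 2


# Constructed sample 1: one background image, six floating forms, no text.
COLLAGE_PAGE = """<html><body style="margin:0;background:url(collage.png) no-repeat">
<form style="position:absolute;top:120px;left:300px"><input name="card"></form>
<form style="position:absolute;top:160px;left:300px"><input name="exp"></form>
<form style="position:absolute;top:200px;left:300px"><input name="cvv"></form>
<form style="position:absolute;top:240px;left:300px"><input name="nabid"></form>
<form style="position:absolute;top:280px;left:300px"><input type="password" name="pw"></form>
<form style="position:absolute;top:320px;left:300px"><input type="submit" value=""></form>
</body></html>"""

# Constructed sample 2: an ordinary login page with real text and labels.
REAL_LOGIN_PAGE = """<html><body>
<h1>Internet Banking</h1>
<p>Sign in with your customer number and password. Never share your password with anyone,
and check that the address bar shows our domain and a padlock before you type anything.</p>
<img src="logo.png" alt="bank logo">
<form action="/login" method="post">
  <label for="id">Customer number</label> <input id="id" name="id">
  <label for="pw">Password</label> <input id="pw" type="password" name="pw">
  <input type="hidden" name="csrf" value="constructed-token">
  <button type="submit">Log in</button>
</form>
</body></html>"""

if __name__ == "__main__":
    for name, page in (("collage", COLLAGE_PAGE), ("real login", REAL_LOGIN_PAGE)):
        print(name, looks_like_collage(page), collage_reasons(scan(page)))
```

The scanner ignores the image content entirely, so a copied logo or any other convincing artwork does not lower the score; what it keys on is the mismatch between a page that asks for card details and a page that carries almost no real text. In an extension, the same counts would come from the live DOM rather than from `html.parser`, and the thresholds would be tuned against real traffic.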

Summary

I contacted NAB and advised them to remove this “NAB Defence” button, but have not received a response yet.

As always, on a self-promotional note, below is a screenshot of our PhishProtect™ extension blocking the website. Register for a two-week free trial and see it in action.