National Australia Bank miss key opportunity for their customers

I have an observation about this Cyber Security Warning from the National Australia Bank: NAB have DMARC implemented, and at this point could have educated recipients on how to identify just which domains are used by NAB and cannot be spoofed, or how to check whether a message has been spoofed.

Note that the images of the email spoof examples provided by NAB on their website involve two significant organisations, Australia Post and ASIC. The Australia Post spoof used a dodgy, random and unrelated From domain, thanks to DMARC. The Australia and Investment Securities Commission does not have DMARC, and therefore the criminals have used the domain in the From address.

  • Australia Post has DMARC and could have been referenced by the NAB in their warning;
  • The Australia and Investment Securities Commission does not have DMARC!

When it comes to transactional messaging and email marketing, organisations must protect their customers and brand.

+++++++++++++++++++++++++++++++++++++++++++++++++
25 January 2017
An important message from NAB’s online security team
NAB is aware of spam emails circulating which contain malicious software. Some may appear to be a parcel delivery notification, or a notification from ASIC. Please see two examples below.
If you have received one of these types of emails and have clicked on the links or attachments, please contact the NAB Connect Client Centre on 1300 888 413 (option 1) immediately.
Examples of recent malicious emails:

If you see the below screen after logging into NAB Connect, your computer may be infected with malicious software:

If you believe your computer is infected with malicious software:
• Do not proceed with any transactions
• Immediately contact the NAB Connect Client Centre on 1300 888 413 (option 1) and advise your computer may be infected with malicious software.
• NAB can assist you to remove the malicious software from your computer and confirm your recent payments to ensure they are valid.
To help protect your computer against malicious software, keep software on your computer up to date, including the latest anti-virus and security updates.
Did you know: NAB has a free six month anti-virus offer for customers: ‘Anti-virus offer for customers’
Speak to your banker about adding extra security to your account by using a security token, dual authorisation and segregation of duties: ‘Security for NAB Connect Customers’. Please report suspicious emails to spoof@nab.com.au.
For more information on protecting your business online, visit nab.com.au/security
Sincerely,

Txxx Cro….
Digital Platforms and Delivery