Debunking email hoaxes and exposing Internet scams since 2003!

Issue 142 - November 2012 (1st Edition) - Page 13

Bank of Queensland 'Security Message' Phishing Scam

Outline
Email purporting to be from Bank of Queensland (BOQ) urges the recipient to click a login link in order to read an important security message.



Brief Analysis
The email is not from BOQ. The message is a phishing scam designed to trick recipients into divulging their BOQ login details to cybercriminals.

Last updated: October 15, 2012
First published: October 15, 2012
Article written by Brett M. Christensen


Example

Subject: Your Have 1 New Security Message

Dear Customer,

Important security message

Your security is very important to us. You Have 1 Secured Message

To View Your Message, Please click the "Log In" link below to access your BOQ Online Account.

Log In

BOQ Customer Service.

2012 Copyright Bank Of Queensland.

Bank of Queensland Phishing Scam




Detailed Analysis
This message, which claims to be from the Australian bank Bank of Queensland (BOQ), informs recipients that they have an important security message waiting for them online. The message urges them to click a login link in order to go to their BOQ online account and view the security message. The message includes the BOQ logo and copyright notice.

However, the message is not from BOQ. In fact, the email is a phishing scam designed to trick recipients into divulging their account login details to Internet criminals. Those who fall for the scammer's trick and click the login link will be taken to a fake BOQ website and asked to enter their BOQ account login details. The fake login page has been created so that it is virtually identical to the genuine BOQ login.

Users who proceed to enter their details and click the login button will be rapidly taken to the real BOQ login page. Meanwhile, the information they have provided can be collected by the criminals responsible for this phishing attack and used to hijack the real BOQ accounts belonging to their victims.

Because the scam page redirects to the genuine page, some victims may mistakenly believe that their initial login attempt failed and simply log in again. Thus, they may not realize until it is too late that they have been phished.

Although the fake site may look genuine at first glance, it can easily be identified as fraudulent by examining its web address. Firstly, the address has no relation to the genuine BOQ URL. Secondly, the login page is hosted on an unsecure (http: rather than https:) site. No legitimate bank will ever expect customers to log in via an unsecure website. And no legitimate bank will send generic, unsolicited emails to customers asking them to follow a link or open an attachment to log in to their accounts. The safest policy is to log in to all of your online accounts by entering the account web address directly into your browser's address bar rather than by clicking an email link.

BOQ has published information warning customers about such scams on its website.
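The two address checks described in the analysis above (host unrelated to the bank's domain, http rather than https) can be applied automatically to the links in an HTML email. The following is an added example, not part of the original article; the trusted domain `boq.com.au`, the sample email body and its link hosts are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: the bank's genuine domain; the article does not state it.
TRUSTED_DOMAINS = {"boq.com.au"}


class LinkExtractor(HTMLParser):
    """Collect the href of every <a> tag in an HTML email body."""

    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.hrefs.append(href)


def check_link(href):
    """Return the reasons a link fails the two address checks (empty if none)."""
    parts = urlsplit(href)
    host = (parts.hostname or "").lower().rstrip(".")
    reasons = []
    if parts.scheme != "https":
        reasons.append("not https")
    # Accept the exact domain or a true subdomain only; a host that merely
    # starts with the trusted name (boq.com.au.something) is unrelated.
    if not any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS):
        reasons.append("host unrelated to bank domain")
    return reasons


def audit_email(html):
    """Map each link in the email to its list of failed checks."""
    parser = LinkExtractor()
    parser.feed(html)
    parser.close()
    return {href: check_link(href) for href in parser.hrefs}


# Constructed sample modelled on the email quoted above. The first host is
# invented; the second uses the assumed genuine domain.
SAMPLE_EMAIL = """
<p>To View Your Message, Please click the "Log In" link below.</p>
<a href="http://boq.com.au.secure-message.example/login">Log In</a>
<a href="https://www.boq.com.au/">2012 Copyright Bank Of Queensland.</a>
"""

if __name__ == "__main__":
    for link, problems in audit_email(SAMPLE_EMAIL).items():
        print(link, "->", problems or "passes both checks")
```

A link that passes both checks is not thereby proven safe; the checks only catch the two address problems the analysis names.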

References
Phishing Scams - Anti-Phishing Information
Difference Between http and https
BOQ - Fraud Warning - Hoax Email Alert
