Issue 142 - November 2012 (1st Edition) - Page 13
Bank of Queensland 'Security Message' Phishing Scam
Email purporting to be from Bank of Queensland (BOQ) urges the recipient to click a login link in order to read an important security message.
The email is not from BOQ. The message is a phishing scam designed to trick recipients into divulging their BOQ login details to cybercriminals.
Last updated: October 15, 2012
First published: October 15, 2012
Article written by Brett M. Christensen
Subject: Your Have 1 New Security Message
Important security message
Your security is very important to us. You Have 1 Secured Message
To View Your Message, Please click the "Log In" link below to access your BOQ Online Account.
BOQ Customer Service.
2012 Copyright Bank Of Queensland.
This message, which claims to be from the Australian bank Bank of Queensland (BOQ), informs recipients that they have an important security message waiting for them online. The message urges them to click a login link in order to go to their BOQ online account and view the security message. The message includes the BOQ logo and copyright notice.
However, the message is not from BOQ. In fact, the email is a phishing scam designed to trick recipients into divulging their account login details to Internet criminals. Those who fall for the scammer's trick and click the login link will be taken to a fake BOQ website and asked to enter their BOQ account login details. The fake login page has been created so that it is virtually identical to the genuine BOQ login.
Users who proceed to enter their details and click the login button will be rapidly taken to the real BOQ login page. Meanwhile, the information they have provided can be collected by the criminals responsible for this phishing attack and used to hijack the real BOQ accounts belonging to their victims.
Because the scam page redirects to the genuine page, some victims may mistakenly believe that their initial login attempt failed and simply log in again. Thus, they may not realize until it is too late that they have been phished.
Although the fake site may look genuine at first glance, it can easily be identified as fraudulent by examining its web address. Firstly, the address has no relation to the genuine BOQ URL. And secondly, the login page is hosted on an unsecure (http: rather than https:) site.
No legitimate bank will ever expect customers to log in via an unsecure website. And no legitimate bank will send generic, unsolicited emails to customers asking them to follow a link or open an attachment to log in to their accounts. The safest policy is to log in to all of your online accounts by entering the account web address directly into your browser's address bar rather than by clicking an email link.
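The two address checks described above (a host unrelated to the genuine BOQ address, and http rather than https) written out as a link checker. This is an added example, not part of the original article; the genuine domain `boq.com.au` is an assumption (the article does not print it), and the function name and sample links are constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: the bank's registered domain; the article does not print it.
GENUINE_DOMAIN = "boq.com.au"


def check_login_link(url, genuine_domain=GENUINE_DOMAIN):
    """Return the reasons a link fails the article's two address checks.

    An empty list means the link uses https and its host is the genuine
    domain or a subdomain of it.
    """
    problems = []
    parts = urlsplit(url.strip())

    # Second check in the article: a login page must be served over https.
    if parts.scheme.lower() != "https":
        problems.append("not https")

    # urlsplit().hostname drops any "user@" prefix and port and lowercases,
    # so "https://boq.com.au@host.example/" resolves to host.example.
    host = (parts.hostname or "").rstrip(".")
    if parts.username is not None:
        problems.append("userinfo before host")

    # First check: the host must BE the genuine domain or end with
    # ".<domain>". A substring test would accept boq.com.au.login.example.
    if not (host == genuine_domain or host.endswith("." + genuine_domain)):
        problems.append("host %r is not under %s" % (host, genuine_domain))
    return problems


# Constructed sample links (the .example hosts are placeholders, not IoCs).
SAMPLES = [
    "https://www.boq.com.au/login",
    "http://www.boq.com.au/login",
    "http://boq.com.au.secure-login.example/ib/",
    "https://boq.com.au@phish.example/login",
    "https://boq-com-au.example/login",
]

if __name__ == "__main__":
    for link in SAMPLES:
        result = check_login_link(link)
        print(link, "->", "OK" if not result else "; ".join(result))
```

Only the first sample passes; the others fail on scheme, on host, or on both, even though each contains the bank's name somewhere in the address.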
BOQ has published information warning customers about such scams on its website.
Phishing Scams - Anti-Phishing Information
Difference Between http and https
BOQ - Fraud Warning - Hoax Email Alert