NAB has cracked down against hundreds of fake websites attempting to dupe and scam Aussies.

In 2024, NAB identified and assisted with the removal of almost 600 illegitimate websites trying to impersonate the bank or its products, as it ramped up its efforts to counter the prevalence of cyber threats and scams, and better protect customers.

It follows thousands of scam website take downs ordered by ASIC in the same 12-month period.

Realistic looking but phony websites are often used in phishing and investment scams to tempt people into sharing their banking and personal information, or promising high windfalls from financial products or services.

NAB has released images of the latest real-life examples of fake websites, to help educate customers and the community about what to watch out for.

Fake websites, like this one, are a common tactic criminals use to rip people off. NAB has had this one removed.

NAB Head of Security Culture and Advisory Laura Hartley said criminals typically used three key methods when pushing fake websites.

1. Spoofed URLs: Web addresses which appear authentic but are slightly altered and difficult to distinguish from the real ones. Regularly used in text message, WhatsApp message or email phishing scams.
2. Urgency and fear tactics: Promotions pressuring people into quick decisions, such as limited-time offers or threats of account suspension which often arrive via email, text message or phone calls.
3. Fake endorsements: Use of fake testimonials or unauthorised use of brand trademarks or celebrity images to build credibility and commonly promoted across social media channels.

Ms Hartley said NAB remained focused on its fight against criminals as part of a bank-wide scam strategy and cyber security vigilance to help protect customers.

“We need to stop the crime before it occurs, and this can only be achieved through a coordinated national effort across the scam ecosystem. This includes digital media companies where many phony websites are hosted,” Ms Hartley said.

“On average, we request the take down of two malicious websites masquerading as NAB every day. Within hours of uncovering a fake site, we have added it to Google and Microsoft block lists, which alert customers to instances of bogus websites attempting to impersonate the bank.

“It’s a constant game of whack-a-mole and it’s why we need a coordinated, national approach to stop the crime before it occurs. Banks can’t do this on their own.

“We need to make Australia a hard place for these criminals to operate in and that takes a national coordinated response across banks, digital and social media companies and telcos all working closely together.

“When customers want to visit NAB’s website or check whether there’s an issue with their accounts, it’s safest to log in using the NAB app or type nab.com.au directly into your browser.