Emmanuel Marshall from mailguard writes:
Banks are well-trusted institutions, so when cybercriminals are looking for good trademarks to use in their email attacks they often rip-off bank branding. This new scam email uses the NAB trademark to try and persuade recipients that it is a genuine notification message from their bank. The message tells the victim that they have been sent a “SWIFT message” as a “confirmation of payment” to their account.
There is a .PDF titled “NAB_Swift” attached to the email, which links to a file hosted on DropBox. When the file is opened it will automatically install malware on the victim’s computer.
Email-borne malware can have many destructive effects on computer systems, including installing viruses like spyware and enabling remote control by hackers. Cybercriminals know people can be tricked; that’s why they send out millions of scam messages and put so much effort into making them look convincing.
People are not machines; we’re all capable of making bad judgement calls. It’s just a matter of time before someone in your organisation has a momentary lapse of judgement and clicks on the wrong thing.