With cybercrime evolving daily, cybercriminals are becoming more and more innovative when it comes to tricking unsuspecting users.
A good example of this is MailGuard’s detection of a new multi-staged phishing email scam spoofing Suncorp. The hallmark of this scam lies in not only how well-crafted it is, but how it ironically utilises multiple safety features to steal confidential data of users.
First detected on Monday morning (AEST), the 1st of July, this scam was originally sent by cybercriminals forging the domain ‘suncorp.com.au’. The email is titled ‘ACTION REQUIRED: Verify your ID for next level security’ and contains a short message instructing recipients to complete their ID verification. A link is provided to do so.
Here is a screenshot of the email:
Unsuspecting recipients who click on the ‘Verify Now’ button are redirected to a Suncorp-branded phishing page that asks them to submit their account ID and password, as well as the secret token code if they have one:
Upon logging in, recipients are taken to a photo ID verification page, which directs them to upload a photo of a legal identification document, such as a page from their passport.
The ‘next step’ in this process involves users being asked to input additional personal details, including their address, as per the below screenshots:
Once users click on the ‘update’ button, they are led to a ‘thank you’ page, informing them that they have successfully finished verifying their ID. They are then redirected to the login page:
The sole purpose of this elaborate phishing scam is to harvest the login credentials of Suncorp customers so the criminals behind this scam can break into their bank accounts.
By typing in your account number and password, you’re handing this sensitive account information to cybercriminals.
If you also upload your legal ID documents, it allows them to attempt other fraudulent actions, such as committing identity theft.
If you have received this email, please contact Suncorp Bank.
As you can see from all the screenshots above, cybercriminals have taken great pains to replicate official landing pages from Suncorp – including incorporating the bank’s branding and logo using high-quality graphical elements. All this is done in an attempt to trick the users into thinking the scam is legitimate.
It is also interesting to note that the body of the scam email is, ironically, focused on securing the users’ banking accounts via ID verification. This only adds to the sense of legitimacy evoked by the email, as updates on account safety are a common notification expected of such a well-established bank. All this serves to elicit a more confident response from recipients who think they are, in fact, making their accounts more secure by clicking on the provided link and entering their confidential login details.
On top of this, this message contains several typical elements of a phishing email:
- use of a major brand name to inspire false trust; the usage of the supposed ‘Suncorp’ domain boosts the credibility of the email,
- repeated usage of ‘safety features’ typically expected of a well-established bank such as links to ‘Suncorp Help’ and support numbers,
- false urgency; telling the recipient that ‘ACTION IS REQUIRED’ to create a sense of anxiety.
To reduce the risk of being tricked by one of these scams, you should immediately delete any emails that:
- Appear to be from a well-known organisation, typically a bank or service provider, are not addressed to you by name, and may include poor grammar.
- Ask you to click on a link within the email body in order to access their website – your bank will always ask you to go to their website directly by typing their URL into your web browser address field, as a precautionary security measure.
- Ask you to submit personal information that the sender should already have access to.
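The indicators listed above (a forged sender domain, an urgent subject line and a link that leads off the sender's own site) can also be checked mechanically at a mail gateway. The following is an added example, not MailGuard's detection code: it assumes your own receiving server stamps a trusted Authentication-Results header, and the sample messages, the sender address, the mx.example.net host and both links are constructed.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

URGENCY = re.compile(r"action required|urgent|immediately|suspend", re.I)
HREF = re.compile(r'href=["\'](https?://[^"\']+)["\']', re.I)

def under(host, domain):
    """True if host is the domain itself or one of its subdomains."""
    host = (host or "").lower()
    return bool(domain) and (host == domain or host.endswith("." + domain))

def phishing_signals(raw):
    msg = message_from_string(raw)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    signals = []
    # Assumption: this header was added by our own gateway, not by the sender.
    auth = msg.get("Authentication-Results", "").lower()
    if "dmarc=pass" not in auth:
        signals.append("sender-domain-unauthenticated")
    if URGENCY.search(msg.get("Subject", "")):
        signals.append("urgent-subject")
    body = "".join((p.get_payload(decode=True) or b"").decode("utf-8", "replace")
                   for p in msg.walk() if not p.is_multipart())
    hosts = {urlparse(u).hostname for u in HREF.findall(body)}
    if any(not under(h, from_domain) for h in hosts):
        signals.append("link-off-sender-domain")
    return signals

def build(subject, auth, link):  # constructed sample messages, not real mail
    return "\n".join([
        "From: Suncorp <noreply@suncorp.com.au>",
        "Subject: " + subject,
        "Authentication-Results: mx.example.net; " + auth,
        "Content-Type: text/html; charset=utf-8",
        "",
        "<p>Please complete your ID verification.</p>",
        '<a href="%s">Verify Now</a>' % link,
    ])

SPOOFED = build("ACTION REQUIRED: Verify your ID for next level security",
                "spf=fail; dmarc=fail header.from=suncorp.com.au",
                "https://verify-id.example/login")
LEGIT = build("Your statement is ready",
              "spf=pass; dmarc=pass header.from=suncorp.com.au",
              "https://www.suncorp.com.au/banking")

if __name__ == "__main__":
    print(phishing_signals(SPOOFED))
    print(phishing_signals(LEGIT))
```

A message that raises all three signals is a strong candidate for quarantine; any single signal on its own is better treated as a scoring input than as a verdict.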
Banks commonly hold a well-established and trusting relationship with customers, so when cybercriminals are looking for good trademarks to use in their email attacks, they often brandjack banks.
MailGuard intercepted several other instances of cybercriminals brandjacking well-known banks such as NAB just last week.