NAB latest anti-scam strategy targets dodgy SMSs

NAB SMS Link program

NAB has announced it will remove hyperlinks from unexpected text messages sent to its customers in a further bid by the bank to stamp out phishing and social engineering scams.

Links in text messages sent from NAB will now be replaced with bare text advice directing customers to either the bank’s website, its call centre, or internet banking or mobile app portals.

NAB sent around 112 million SMS texts to customers last year, many of which, it added, “contained links intending to helpfully notify customers of things like when an account is about to be overdrawn or a new debit card has been posted.”

The bank confirmed it is 95 per cent of the way through its program to remove links from unexpected text messages, anticipating it will complete the project by the end of July.

Text messages sent from NAB subsidiaries Ubank, JBWere or Citi Consumer Bank are not currently included in the program.

SMS links are a common vector of attack for cybercriminals, with scammers frequently embedding phishing, or indeed ‘smishing’, links that trick customers into either sharing sensitive information, downloading malware, or sending them money.

In five months to the end of May this year, Scamwatch, the ACCC’s dedicated scam reporting service, has received more than 53,000 reports of SMS scams, representing by far the largest category of scam type.

The second-most reported scam, from emails, has been reported 33,000 times over the same period.

So far this year, Australians have reported to Scamwatch more than $13 million in financial losses from SMS scams.

Across the 2022 calendar year, the ACCC received a total of nearly 76,000 SMS scam reports, with a total loss of more than $28 million.

Commenting on the bank’s latest scam prevention strategy, NAB chief executive Ross McEwan said the bank’s aim from the program was “to make it as simple” as possible for a customer to determine the legitimacy of a message from the bank.

He warned customers to be conscious that, from now, text messages officially sent from the bank should no longer contain a link, with NAB adding that it will never ask customers to confirm, update or disclose personal or banking details via a link in a text message and will never ask customers to click a link to log in to internet banking or NAB Connect, NAB’s business banking portal.

“My advice is don’t click on a link. If you get an unexpected text message that looks like it’s from NAB and it contains a link, don’t click on it.”

“We want to make it as hard as possible for these criminals to steal money from hard-working Australians.”

NAB, however, added that its customers may still, in certain circumstances, receive a link in an expected text message from an individual NAB representative (e.g. where they have recently spoken to a NAB banker).

“This could include instances such as domestic violence or hardship support for a vulnerable customer, where other channels of communication may not be possible or appropriate.”