The scam email, detected by security firm MailGuard, has a realistic looking logo included and the text informs the recipient that “we detected irregular activities on your credit card,” and that “your account has been temporarily suspended for your protection, we must verify your identity.”
MailGuard’s Emmanuel Marshall said in a blog post that the “cunningly designed scam” closely resembled a genuine St George communication, and the email contained a link “to restore your account,” which had been set up to look like a real St George link.
“The URL contains the text ‘stgeorge.com.au,’ like the genuine bank website, but the text is not the actual domain. The real domain is at the end of the URL and is: 'loginPage.action'; a malicious phishing page,” Marshall said.
“Anyone who progresses to the third page of this phishing site will finally be asked to upload selfie photos of their driver’s licence and passport,” the alert says.