
ANZ Bank warns businesses and customers of phishing scam

ANZ Bank is warning members to be wary of a new phishing scam, as the bank's trademarks have once again been exploited in an email scam. 

The malicious emails are infiltrating inboxes using a display name of ‘ANZ Internet Banking’ and are titled ‘ANZ INTERNET BANKING ACCOUNT ALERT’. The sending address displayed in the 'From' field uses the domain '@alert.com'. MailGuard detected the emails actually come from a compromised email account, ANZ Banking Group says.

The message body contains a high-quality ANZ logo and advises the recipient they have a ‘pending verification waiting to validate’ and that they should log in to their account to view this message. A link is included to ‘View Your Message’ along with today’s date.

Unsuspecting recipients who click on the link are led directly to a legitimate-looking copy of the ANZ login page that asks for their confidential details. This is actually a phishing page.

Users who enter their details and click ‘Log on’ are led to a 'security page' once again spoofing ANZ’s branding & logo. This page asks users to 'verify' their security questions and answers.

Once all of the above fields have been completed and recipients click ‘Continue’, a message appears on screen thanking them for using ANZ Internet Banking.

Clicking ‘OK’ finally redirects the recipient to the actual ANZ website.

The sole purpose of this elaborate phishing scam is to harvest the login credentials of ANZ customers so the criminals behind this scam can break into their bank accounts, ANZ says.

"Cybercriminals have taken great pains to replicate official landing pages from ANZ – including incorporating the bank’s branding and logo using high-quality graphical elements. All this is done in an attempt to trick the users into thinking the scam is legitimate," it says.

"It is also interesting to note that the body of the scam email includes a note explaining that due to ‘privacy & security reasons’, it is unable to include personal details like the recipient’s account name and number," ANZ says.

"The lack of these details is widely considered to be a red flag associated with scam emails. Including a reason to explain why these details have been omitted is therefore an attempt by the cybercriminals to provide a justification for this red flag and boost the credibility of the email."

ANZ says a focus on security is, ironically, a key feature of this scam email, considering the additional security reminder in the email footer that ANZ will ‘NEVER send an email which includes a link that redirects you to logon to internet banking’.

"These security reminders are commonly expected of such a well-established bank. All this serves to elicit a more confident response from recipients who think they are validating their accounts by clicking on the provided link and entering their confidential login details," it explains. 

"However, despite these attempts, this email scam contains several other tell-tale signs that point to its illegitimacy. These include grammatical errors like 'banking account have a pending verification' as well as spacing errors," ANZ says.
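Two of the signs described in this article can be checked mechanically: the ‘ANZ Internet Banking’ display name paired with an '@alert.com' sending domain, and a link that does not point to the bank. The Python sketch below is an added example, not ANZ's or MailGuard's code; the trusted-domain list, the local part of the sample address and the link host are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumption: the brand term to watch for and the domains it legitimately uses.
BRAND_TERMS = ("anz",)
TRUSTED_DOMAINS = ("anz.com",)

def is_trusted(host):
    """True if host equals a trusted domain or is a subdomain of one."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)

def mentions_brand(text):
    """True if a brand term appears as a whole word (so 'Franz' does not match)."""
    return any(re.search(rf"\b{re.escape(t)}\b", text or "", re.I) for t in BRAND_TERMS)

def phishing_indicators(raw_message):
    """Return a list of indicator strings for a raw single-part RFC 5322 message."""
    msg = message_from_string(raw_message)
    display_name, address = parseaddr(msg.get("From", ""))
    sender_domain = address.rpartition("@")[2]
    findings = []
    # Display name or subject claims the brand, but the sending domain is not the brand's.
    if mentions_brand(display_name) or mentions_brand(msg.get("Subject", "")):
        if not is_trusted(sender_domain):
            findings.append(f"brand-claimed-by-untrusted-sender:{sender_domain}")
    # Any link in the body whose host is outside the trusted domains.
    body = msg.get_payload() if not msg.is_multipart() else ""
    for url in re.findall(r"https?://[^\s\"'<>]+", body):
        host = urlparse(url).hostname
        if not is_trusted(host):
            findings.append(f"untrusted-link:{host}")
    return findings

# Constructed sample modelled on the email described above; the local part
# 'notice' and the link host are placeholders, not values from the real scam.
SAMPLE = """\
From: ANZ Internet Banking <notice@alert.com>
To: customer@example.org
Subject: ANZ INTERNET BANKING ACCOUNT ALERT

Your banking account have a pending verification waiting to validate.
View Your Message: http://login.example.net/anz/
"""

if __name__ == "__main__":
    for finding in phishing_indicators(SAMPLE):
        print(finding)
```

The suffix check in `is_trusted` accepts subdomains such as `cybersecurity.anz.com` while rejecting lookalike hosts that merely start with the bank's domain.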

Recipients who have received such a hoax/suspicious email claiming to be from ANZ are advised to do the following:

  • Do NOT click on any unexpected/unusual links or open attachments.
  • Forward the suspicious email or SMS to hoax@cybersecurity.anz.com
  • Delete the message from your inbox.

ANZ also offers these tips on preventing online fraud attempts:

  • Check the address bar of your browser to see if ANZ’s website address has changed from http:// to https://
  • Check to see if a security icon that looks like a lock or a key is visible near the address bar on any page that you need to enter your security credentials.

To minimise your chances of becoming a victim of a phishing scam, ANZ advises:

  • Don’t respond to emails requesting personal information or security credentials.
  • Change passwords on a regular basis.
  • Keep your antivirus and firewalls up to date and perform regular scans on your computer

"Whilst MailGuard is stopping this email scam from reaching Australian businesses, we encourage all users to be extra vigilant against this kind of email and whatever happens, do not open or click them," ANZ says.
