Daniel Graziano 22 September 2015 15:04:00 AEST 4 MIN READ

ANZ Customers - This Zero Day Phishing Email Attack Is Targeted At You

MailGuard have identified and successfully blocked a zero day threat by cyber criminals leveraging the reputation of ANZ and the trust of their customers via a phishing email scam.

At the time MailGuard discovered this new variant, no common security vendors were detecting the malicious URL contained within the email as a phishing scam.

Here is a screenshot of the type of email to watch out for:

anz-identity-theft-zero-day-featured-image

In the example above, this plain text email appears to originate from ANZ. It alerts recipients that ANZ’s customer service team has allegedly locked their “Customer Registration Number”, and requires victims to confirm their identity to unlock their locked ANZ account.

This particular variation lacks bank information, is impersonal and lacks official elements that identify this as an official email, such as a corporate header and footer.

Upon clicking the ‘log in’ link within the email body, the user is directed to a fake ANZ login landing page that is similar in appearance to that of the official ANZ login page. 

anz-identity-theft-zero-day-login-page

As you can see in the screenshot above, a couple of elements already reveal this exploit to be a scam.

  • The website address in the URL field, ‘hsiehong.com.tw’, is clearly not that of the official ANZ login destination.
  • The outdated copyright date listed in the landing page footer. 

Entering your login credentials into the form captured above directs you to an identity verification landing page as seen below. 

anz-identity-theft-zero-day-login-details-suspended

The form requires that you enter secure account information in order to verify your identity and unlock your account.

Users that complete this form fall deeper into this elaborate identity theft scam. Whilst the first form captures your ANZ login credentials, giving the cybercriminal access to your online banking account, the victim has now revealed privileged information that can be used to gain access to a number of accounts – including other banks and online accounts such as PayPal and Bitcoin. Keep in mind, a number of organisations ask you to provide responses to security questions to verify ownership of an account, leaving a number of accounts susceptible to infiltration.

anz-identity-theft-zero-day-identity-verfication-scam

The final form in this elaborate scam asks the victim for a ‘valid passport photo page’, ‘national ID’ or ‘driving license’.

anz-identity-theft-zero-day-process-complete

Upon completing and submitting this final form, the victim is redirected to the official ANZ website, giving the impression that this identity verification process was orchestrated by ANZ.

Let’s take a look at what information this scammer now has access to:

  • Your ANZ login credentials (Customer Registration Number and Password)
  • Full name, DOB, mother’s maiden name and security questions/answers
  • A valid copy of your passport, ID or driver’s license

This cybercriminal now has access to your bank account, any associated cards linked to your account and the funds/credit you have at your disposal. At the very least you will need to change your password and associated security questions. If you aren’t so fortunate and a scammer gains access to your funds before you find out, it’s a lengthy process to get stolen funds back and to secure all points of access to your network that can leave you vulnerable to infiltration.

As a precaution, we urge you to delete emails that:

  • Appear to be from a legitimate company and are not addressed to you by name or are written in poor English.
  • Require you to click a link in the email body to verify your identity. Banks are aware that cyber criminals send phishing scam emails including links to compromised websites. Your bank will always instruct you to go to their website directly, and not log into your account via a link through an email.
  • Request personal information that the purported sender should already have access to.
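For mail administrators, the two indicators above (a bank-themed email whose link leads to an unrelated host such as ‘hsiehong.com.tw’) can be checked automatically. The following is an added example, not MailGuard's code; the allow-list of official domains, the sample messages and the URL path are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from urllib.parse import urlsplit

# Assumption: domains the real bank serves logins from; not taken from the article.
OFFICIAL_DOMAINS = {"anz.com", "anz.com.au"}
BRAND = re.compile(r"\banz\b", re.IGNORECASE)
URL = re.compile(r"https?://[^\s\"'<>)]+", re.IGNORECASE)

def host_is_official(host):
    """True only for an official domain or a subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in OFFICIAL_DOMAINS)

def text_body(msg):
    """Concatenate the text/plain parts of a parsed message."""
    chunks = []
    for part in msg.walk():
        if part.get_content_type() == "text/plain":
            chunks.append(part.get_payload(decode=True).decode("utf-8", "replace"))
    return "\n".join(chunks)

def suspicious_links(raw_email):
    """Return (url, host) for links in brand-themed mail that leave the brand's domains."""
    msg = message_from_string(raw_email)
    body = text_body(msg)
    claimed = f"{msg.get('From', '')} {msg.get('Subject', '')} {body}"
    if not BRAND.search(claimed):
        return []  # mail does not claim to be from the brand
    flagged = []
    for url in URL.findall(body):
        host = urlsplit(url).hostname or ""  # hostname ignores any user@ prefix
        if not host_is_official(host):
            flagged.append((url, host))
    return flagged

# Constructed sample modelled on the email described above; the path is made up.
SAMPLE_PHISH = (
    "From: ANZ Customer Service <service@mail.example>\n"
    "Subject: Your Customer Registration Number has been locked\n"
    "\n"
    "Please log in to confirm your identity: http://hsiehong.com.tw/constructed-path\n"
)
# Constructed benign sample: the only link stays on an official domain.
SAMPLE_OK = (
    "From: ANZ <news@mail.example>\nSubject: ANZ update\n\n"
    "Visit https://www.anz.com.au/ for details.\n"
)

if __name__ == "__main__":
    print(suspicious_links(SAMPLE_PHISH))
```

The suffix match requires a leading dot, so a lookalike host that merely contains or starts with an official domain name is still flagged.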

Educating staff and employing cloud-based email filtering and web filtering, complemented by multilayered defences including desktop antivirus, anti-malware and anti-spyware, will go a long way to mitigating the risk from a wide range of email scams.


Keep up to date on the latest email scams by subscribing to MailGuard’s weekly update or follow us on social media.
