A new fake ANZ email scam has been delivered to thousands of Australian email users. The seemingly legitimate communication targeting banking customers, impersonates the ANZ Bank. This most recent phishing attempt is similar to a recent campaign by cyber criminals.
The email scares recipients into opening and clicking through by suggesting there is a security alert relating to activity on the account.
First to stop new attacks, MailGuard is consistently between 2 hours and 48 hours ahead of the market in preventing fast breaking attacks. Most on-premise or hybrid anti-virus vendors require software updates across multiple instances, which can take hours or even days, leaving clients vulnerable.
Here is a sample of the latest phishing email puporting to be from ANZ Bank:
The email is not personally addressed to the intended recipient, but asks that the recipient log into their account to solve the issue. Clicking ‘View Your Message’ will actually take you to a fake landing page which appears identical to the ANZ banking login page.
You will notice the URL is not at all related to the legitimate ANZ URL. The cyber criminals have used compromised WordPress sites to host their phishing pages. In this case they're after the Customer Registration Number (CRN) and Password of the ANZ online account. By handing over these credentials, the recipient has given cyber criminals access to their online account.
If the compromised site is not very popular, the webmasters or hosting providers typically see the massively increased traffic and promptly bring the phishing site down.
Once the recipient has hit ‘Log On’, they are immediately redirected to the legitimate ANZ website.
How can I protect myself from these types of email scams?
To reduce the risk of being tricked by one of these scams, you should immediately delete any emails that:
- Seem suspicious and ask you to download files or click any links within an email to access your account.
- Are purporting to be from businesses you may know and trust, yet use language that is not consistent with the way they usually write (including multiple grammatical errors)
- Ask you to click on a link within the email body in order to access their website. If unsure call the company/person directly and ask whether the email is legitimate
ANZ ask customers to report any unusual transactions or phishing scams. This helps ANZ to alert other customers and to be vigilant for any possible illegitimate transactions.
We recommend that you share these tips with your staff to make them aware of these campaigns. By employing a cloud-based email and web filtering solution like MailGuard, you’ll also reduce the risk of these new variants of phishing from entering your network in the first place.
Keep up to date on the latest email scams by subscribing to MailGuard’s weekly update or follow us on social media.
