MailGuard Blog — Breaking alerts, news and updates on cybersecurity topics

Alert: ANZ spoofed in phishing email; users told their “Internet Banking service has been suspended”

Written by Akankasha Dewan | 01 October 2020 07:13:48 Z


ANZ Banking Group customers, don’t be alarmed if you receive an email claiming your Internet Banking service has been suspended. The bank has once again been spoofed by cybercriminals in a phishing email scam.

MailGuard intercepted a phishing email titled “Internet Banking – System notification”. The email uses the display name “ANZ Help Desk” and informs users that their Internet Banking service “has been suspended for security reasons”. It asks users to confirm their identity as part of the bank’s “security measures” and asks them to click on a provided button.

Here’s what the email looks like:

 

Unsuspecting recipients who click on the link are led to a fake ANZ-branded login page with a field for Customer Registration Number and password. This is actually a phishing page hosted on GoDaddy.



Once these credentials are entered and submitted, the attacker also asks the user for answers to their security questions, as per the below:

Once these security questions are answered, they are harvested for later use, and the user is met with an error asking for more answers to security questions, specifying that they should be different to the previously submitted ones. This loops three times, until the user is met with a success message, and is redirected to the real ANZ website.

The purpose of this elaborate phishing scam is to harvest the login credentials of ANZ customers so the criminals behind this scam can break into their bank accounts. By typing in your account number and password, you’re handing this sensitive account information to cybercriminals.

If you also tell the scammers the answers to your security questions, it allows them to attempt other fraudulent actions, such as committing identity theft and trying to access your accounts.

It is interesting to note that the body of the scam email, ironically, uses a “safety measure” to trick recipients into revealing their details, i.e. asking them to confirm their identity. This only adds to the sense of legitimacy evoked by the email, as updates on account safety and the use of security questions are common safety features expected of such a well-established bank. All this serves to elicit a more confident response from recipients who think they are, in fact, making their accounts more secure by clicking on the provided link and entering their confidential login details. Telling users that their Internet Banking service “has been suspended” is likely an attempt to evoke panic and urgency among users, further motivating them to rectify the situation and regain access by clicking on the link without pausing to check its legitimacy.

As you can see from all the screenshots above, cybercriminals have taken great pains to replicate official landing pages from ANZ – including incorporating the bank’s branding and logo using high-quality graphical elements. All this is done in an attempt to trick the users into thinking the scam is legitimate.

Despite these techniques, eagle-eyed recipients of this email would be able to spot several red flags that point to the email’s inauthenticity. These include the fact that the email doesn’t address the recipient directly, and it doesn’t employ any of ANZ’s traditional branding elements (logo etc.) in the email.
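Several of the traits described in this alert can also be checked mechanically at a mail gateway or in a triage script: a display name that claims the bank while the sender domain does not belong to it, the "has been suspended" lure, and a button that links off the bank's domains. The following is an added example, not MailGuard's detection logic; the sender address, link host and the list of ANZ-owned domains are constructed assumptions, and a single-part HTML message is assumed.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: domains treated as genuinely ANZ-owned for this illustration.
BRAND_DOMAINS = ("anz.com", "anz.com.au")
BRAND_NAME = re.compile(r"\banz\b", re.I)        # brand claimed in display name
LURE = re.compile(r"has been suspended", re.I)   # wording quoted in the alert

class LinkHosts(HTMLParser):
    """Collect the hostname of every <a href> in an HTML body."""
    def __init__(self):
        super().__init__()
        self.hosts = []
    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.hosts.append((urlparse(href).hostname or "").lower())

def is_brand_host(host):
    # Exact match or true subdomain only, so "anz.com.evil.example" fails.
    return any(host == d or host.endswith("." + d) for d in BRAND_DOMAINS)

def phishing_indicators(raw):
    """Return the list of indicators present in one raw RFC 5322 message."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    sender_domain = addr.rpartition("@")[2].lower()
    body = msg.get_payload()  # single-part message assumed
    links = LinkHosts()
    links.feed(body)
    flags = []
    if BRAND_NAME.search(display) and not is_brand_host(sender_domain):
        flags.append("display-name-mismatch")
    if LURE.search(body):
        flags.append("suspension-lure")
    if any(h and not is_brand_host(h) for h in links.hosts):
        flags.append("off-brand-link")
    return flags

# Constructed sample modelled on the alert; sender and URL are placeholders.
SAMPLE = """\
From: "ANZ Help Desk" <notify@mailer.example.net>
Subject: Internet Banking - System notification
Content-Type: text/html

<p>Your Internet Banking service has been suspended for security reasons.</p>
<a href="https://anz-verify.example.org/login">Confirm</a>
"""

if __name__ == "__main__":
    print(phishing_indicators(SAMPLE))
```

These are triage heuristics: a hit on the display-name check alone is a reason to inspect the message, and SPF, DKIM and DMARC results remain the authoritative signal for sender authenticity.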

How ANZ fights phishing attempts

ANZ is vigilant about customer security. The bank advises that it does not send emails asking for personal information or security credentials.

Recipients can access more information on The ANZ Security Centre found here: https://www.anz.com.au/security/protect-your-virtual-valuables/scams/

ANZ also offers these tips on preventing online fraud attempts:

  • Check the address bar of your browser to see if ANZ’s website address has changed from http:// to https://
  • Check to see if a security icon that looks like a lock or a key is visible near the address bar on any page that you need to enter your security credentials.

To minimise your chances of becoming a victim of a phishing scam, ANZ advises:

  • Don’t respond to emails requesting personal information or security credentials.
  • Change passwords on a regular basis.
  • Keep your antivirus and firewalls up to date and perform regular scans on your computer.

 

One email is all that it takes

All that it takes to break into your business is a cleverly-worded email message. If scammers can trick one person in your company into clicking on a malicious link they can gain access to your data.

For a few dollars per staff member per month, you can protect your business with MailGuard's predictive and advanced email security.

Talk to a solution consultant at MailGuard today about securing your company's network.
