MailGuard Editor 24 June 2015 19:18:00 AEST 3 MIN READ

Another Online Banking Scam - MailGuard Shows You How To Identify A Phishing Email

MailGuard are seeing further runs of fake emails purporting to be from well-known Australian banks, tricking email recipients into handing over their personal online banking and credit card details.

A recent phishing scam has targeted ANZ Internet Banking customers and phishes for customers’ banking details using an age-old tactic: alerting recipients to a possible unauthorised transaction made on their account.

Below is an example of the fake email:

[Image: ANZ phishing scam email example]

The recipient is requested in the email to log in to their account and cancel the transaction if they didn’t authorise a transfer to the specified recipient.

If you were to read this email, your first instinct may be to log in and stop the transaction. One indication that this email is fake is the US spelling. ANZ is an Australian banking corporation, and therefore would not write to you with American spelling (as circled in the email sample above).

You will also notice that the email doesn’t address the recipient personally. A legitimate email from your bank should address you by name. The email also requests that you log in from the link supplied in the email. Banks are very aware that cyber criminals send phishing scams and include links to compromised websites where they have planted fake login pages or malware for obtaining financial information deceptively. This is why your bank will always instruct you to go to their website directly, and not log into your account via a link through an email.

If you were to continue and click the login link contained in this particular email, you are then taken to the login page in the example below.

[Image: ANZ Phishing Scam MailGuard Image 2]

If you look closely at the website address, you will see it is not like a legitimate ANZ internet banking website URL, for example https://www.anz.com.au/small-business.

By filling in your customer registration number and password details, you are in fact giving the cyber criminals access to your online banking account. This phishing scam continues to phish for more personal information including your credit card details with the second landing page.

[Image: ANZ Phishing Scam MailGuard Image 3]

Once you divulge your personal information and hit submit, you are then redirected to the legitimate ANZ internet banking website, none the wiser that you have just been scammed.

[Image: ANZ Phishing Scam MailGuard Image 4]

As you can see, the legitimate website URL is very different to the one linked to the ‘phishy’ email.
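The three warning signs described above (no personal greeting, US spelling, a login link that leaves the bank's domain) can be checked mechanically. The following is an added example, not MailGuard's code: the word list, sample message, recipient name and `.example` host are constructed, and the trusted domain is taken from the article's example URL.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED_DOMAINS = {"anz.com.au"}  # from the article's example of a legitimate URL
# Constructed word list: American spellings an Australian bank would not use.
US_SPELLINGS = {"authorize", "authorized", "unauthorized", "canceled", "center"}

class LinkCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.hrefs = []  # href of every <a> element seen
    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.hrefs.append(href)

def link_host(url):
    try:
        return (urlsplit(url).hostname or "").rstrip(".").lower()
    except ValueError:  # malformed URL: treat as having no host
        return ""

def host_is_trusted(url):
    # Accept the domain itself or a true subdomain only, so look-alikes such
    # as "anz.com.au.login-check.example" or "fakeanz.com.au" do not pass.
    host = link_host(url)
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)

def phishing_indicators(html_body, recipient_name):
    """Return the warning signs from the article that this message shows."""
    parser = LinkCollector()
    parser.feed(html_body)
    text = re.sub(r"<[^>]+>", " ", html_body).lower()
    found = []
    if recipient_name.lower() not in text:
        found.append("no personal greeting")
    if US_SPELLINGS & set(re.findall(r"[a-z]+", text)):
        found.append("US spelling")
    for href in parser.hrefs:
        if not host_is_trusted(href):
            found.append("link leaves bank domain: " + link_host(href))
    return found

# Constructed sample message; the .example host is a placeholder.
SAMPLE = """<p>Dear Customer,</p>
<p>An unauthorized transfer was requested from your account.</p>
<p><a href="http://anz.com.au.login-check.example/ib">Log in to cancel</a></p>"""

if __name__ == "__main__":
    print(phishing_indicators(SAMPLE, "Jane Citizen"))
```

The host comparison is the part most often done wrong: a substring or prefix match on `anz.com.au` would accept both look-alike hosts named in the comment.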

To ensure you don’t become a victim of a phishing scam, make sure you always type your online banking URL directly into your secure browser, use the official banking app on your smartphone or contact your bank directly by telephone.

As well as understanding what to look for and educating your staff, you can help protect your business from a wide range of phishing scams and ‘fastbreak’ or ‘zero day’ attacks by utilising multilayered security defences.

Multilayered defences, including desktop antivirus, anti-malware, anti-spyware, and cloud-based email and web filtering, can help protect your business from cyber criminals infiltrating your IT network.

You can learn more about why you may still be receiving phishing scams in this great article, “Top 3 Reasons Your AV Isn’t Stopping Fastbreak, Phishing And Other Spam Attacks Like Cryptolocker”.
