Vinelli Alarcon 10 January 2020 11:29:15 AEDT 3 MIN READ

ANZ Bank exploited again in a new phishing scam designed to steal banking credentials

ANZ Banking Group customers are the target of the most recent email phishing scam. The email’s sender display name is ‘ANZ Online’ however the emails are coming from a compromised email account.

The email is short and straightforward; it advises recipients that ‘You Have One Important Security Message In Your Internet Banking Account’ and contains a link to ‘Log On & View Your Message.’


Several red flags indicate that this email is indeed fraudulent, including:

  1. The email is not addressed to the recipient; ‘Dear ANZ Customer’ is not an identifier
  2. The email does not contain any of the recipient’s personal information
  3. Grammar errors like ‘Log On’ and the misspelling and additional circumflex accent mark in ‘AccountÂ’
  4. Awkward formatting


Unsuspecting recipients who click on this link are led directly to a legitimate-looking copy of the ANZ Internet Banking login page. See below; this is a phishing page designed to trick recipients into providing their login credentials.



This scam doesn’t stop there. The cybercriminals behind this scam try to harvest even more sensitive data by asking recipients to provide answers to five security questions, as per the below:


Additional red flags on this landing page that highlight that this is, in fact, a scam, include various grammar and punctuation mistakes such as ‘update questions & Answer’ and ‘Verify to us your security questions…’, and even the way the content is formatted is a tip-off. 

Recipients tricked into handing over their banking credentials, and the answers to security questions are redirected to the actual ANZ website.

If you receive this email scam, delete the email. Remember to type website addresses into your browser’s address bar rather than clicking on any links in emails, and never respond to emails requesting personal information or security credentials.

Cybercriminals frequently exploit the branding of large companies like ANZ in their scams, because their good reputation lulls victims into a false sense of security. Because of the large number of customers, ANZ is a regular victim of these scams. 

Phishing continues to be one of the most prevalent forms of cyber-crime. The vast majority of online scams - more than 90% - are perpetrated using email, so it’s wise to always be skeptical of messages from unfamiliar senders asking you to log into your accounts.

What to look out for

As a precaution, avoid clicking links in emails that:

  • Are not addressed to you by name, have poor English or omit personal details that a legitimate sender would include (e.g. – tracking ID).
  • Are from businesses you’re not expecting to hear from.
  • Ask you to click on any suspicious links.
  • Take you to a landing page or website that does not have the legitimate URL of the company the email is purporting to be sent from.

Defend your inbox

Even the most experienced and savvy email users can have a moment of haste, carelessness or fatigue when their guard is down. Just practising good common sense isn’t enough anymore, because for scammers it’s a numbers game; they know that if they keep sending their scams, sooner or later we will slip up and do something we shouldn’t.

Phishing scams can be enormously costly and destructive, and new scams are appearing every day. Don’t wait until it happens to you or someone in your business; take action to protect your inboxes, now.

Speak to the MailGuard team today to learn more how MailGuard's predictive and advanced email security can help protect your business for a few dollars per staff member per month. 

Talk to a solution consultant at MailGuard today about securing your company's network. 

Why not stay up-to-date with MailGuard's latest blog posts by subscribing to free updates? Subscribe to weekly updates by clicking on the button below.

Keep Informed with Weekly Updates