ANZ Impersonated in Scam Aiming to Steal Banking Credentials

Posted by Daniel McShanag on 13 December 2019 13:51:19 AEDT

ANZ Banking Group customers are the target of the most recent email phishing scam being blocked by the MailGuard team. The email, which features the New Zealand Black Caps, tells recipients that ‘Online Banking is Now Blocked’, advising customers that they have been locked out of Internet Banking for security purposes because suspicious activity was detected on the account. Customers are asked to verify their identity in order to unlock their account.


Clicking ‘Enter here’ directs customers to a replica ANZ Internet Banking login page. However, once a user submits their registration number and password, they receive a message saying “Oops! Something went wrong. Please try again.”


The original email is very long. Scrolling further down reveals an array of links to ANZ marketing campaigns, such as a ‘Bat for your Cap’ game promotion relating to the New Zealand Black Caps cricket team, and other content, the most notable of which is ‘Your Internet Security.’


The phishing site is hosted on a recently registered domain, which appears to be an obvious attempt at brandjacking: web-anz(dot)com. The email display name is also ANZ.

Several red flags warn users that the email is in fact a scam. The most obvious is the From: address, which uses a suspicious-looking domain. On closer inspection, the subject line also contains special characters: most noticeably, the 'K' characters are lookalike special characters rather than an actual K.

The message body also starts with special characters and contains clear spelling errors in 'Dead valued custumer {first name}', where {first name} is the recipient's email address alias: the first portion of the email address (before the @ symbol).

At the time of writing, MailGuard was the only vendor to identify and block this scam, and it is continuing to intercept the criminals' attempts to reach a large number of user email accounts.

Checking the sender details of suspicious emails is one way of verifying whether they are legitimate communications or phishing attacks. In this instance, the email does not originate from an ANZ email domain.
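The red flags described above (a brand display name on a non-ANZ From: domain, lookalike characters in the subject, and a brandjacked link domain) can be expressed as header checks. This is an added example, not MailGuard's code; the trusted-domain list, sender address, recipient alias and the Cyrillic character in the sample are assumptions or constructed values.

```python
import re
import unicodedata
from email import message_from_string, policy

BRAND = "anz"
# Assumption: the brand's legitimate sending/web domains (illustrative, not an official list).
TRUSTED = {"anz.com", "anz.co.nz"}

# Constructed sample. The sender domain, the alias and the Cyrillic "K" (U+041A) are
# stand-ins: the page does not give the real From address or the exact character used.
SAMPLE = (
    "From: ANZ <no-reply@mailer.example>\n"
    "Subject: =?UTF-8?Q?Online_Ban=D0=9Aing_is_Now_Bloc=D0=9Aed?=\n"
    "\n"
    "Dead valued custumer jsmith, Enter here: http://web-anz(dot)com/\n"
)

def is_trusted(domain):
    return any(domain == d or domain.endswith("." + d) for d in TRUSTED)

def lookalike_letters(text):
    """Names of non-ASCII letters, e.g. a Cyrillic character posing as 'K'."""
    return sorted({unicodedata.name(c, "UNKNOWN") for c in text
                   if ord(c) > 127 and unicodedata.category(c).startswith("L")})

def check_message(raw):
    msg = message_from_string(raw, policy=policy.default)
    sender = msg["From"].addresses[0]
    flags = []
    # Red flag 1: display name claims the brand, but the From: domain is not the brand's.
    if BRAND in sender.display_name.lower() and not is_trusted(sender.domain.lower()):
        flags.append("display name '%s' sent from %s" % (sender.display_name, sender.domain))
    # Red flag 2: the decoded subject contains letters from outside ASCII.
    odd = lookalike_letters(str(msg["Subject"]))
    if odd:
        flags.append("subject uses " + ", ".join(odd))
    # Red flag 3: link host carries the brand as a label part but is not a trusted domain.
    for host in re.findall(r"https?://([^/\s]+)", msg.get_content()):
        host = host.replace("(dot)", ".").lower()  # sample keeps the page's defanged form
        if BRAND in re.split(r"[.-]", host) and not is_trusted(host):
            flags.append("brand lookalike link host " + host)
    return flags

if __name__ == "__main__":
    for flag in check_message(SAMPLE):
        print("FLAG:", flag)
```

The subject check is a heuristic: legitimate mail in other languages also contains non-ASCII letters, so treat it as a signal to combine with the sender and link checks rather than a verdict on its own.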

Cyber-criminals frequently exploit the branding of large companies like ANZ in their scams, because their good reputation lulls victims into a false sense of security. Because of the large number of customers, ANZ is a regular victim of these scams. 

Phishing continues to be one of the most prevalent forms of cyber-crime. The vast majority of online scams - more than 90% - are perpetrated using email, so it’s wise to always be skeptical of messages from unfamiliar senders asking you to log into your accounts.

What to look out for

As a precaution, avoid clicking links in emails that:

  • Are not addressed to you by name, have poor English or omit personal details that a legitimate sender would include (e.g. a tracking ID).
  • Are from businesses you’re not expecting to hear from.
  • Ask you to click on any suspicious links.
  • Take you to a landing page or website that does not have the legitimate URL of the company the email is purporting to be sent from.

Defend your inbox

Even the most experienced and savvy email users can have a moment of haste, carelessness or fatigue when their guard is down. Just practising good common sense isn’t enough anymore, because for scammers it’s a numbers game; they know that if they keep sending their scams, sooner or later we will slip up and do something we shouldn’t.

Phishing scams can be enormously costly and destructive, and new scams are appearing every day. Don’t wait until it happens to you or someone in your business; take action to protect your inboxes, now.

Speak to the MailGuard team today to learn more about how MailGuard's predictive and advanced email security can help protect your business for a few dollars per staff member per month.

Talk to a solution consultant at MailGuard today about securing your company's network. 
