ANZ customers are the target of yet another email phishing run by cyber criminals.
Just as we have seen in previous fake ANZ phishing scams, this spam run mimics characteristics of legitimate ANZ communication to trick the user into believing this notification is from the ‘big four’ bank. Here is a screenshot of one variation MailGuard has successfully identified and blocked:
As you can see in the example above, the sender appears as ‘ANZ’, and alerts the recipient of a temporary suspension of their ANZ online access.
There is one link contained within the body of the email that prompts the user to log on to their ‘ANZ Internet Banking’ account and complete a verification process.
The above image is the destination page of the link we highlighted above. This is a replica of the official ANZ internet banking login page. Its inauthenticity is given away by the URL in the website address bar - obviously not that of ANZ.
Unfortunately, some victims will naively miss this crucial giveaway and not detect it as a phishing page.
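The two giveaways described above (an ‘ANZ’ display name on a non-ANZ sender, and a link whose host is not ANZ’s) can be checked automatically. The following is an added example, not MailGuard’s or ANZ’s code; the trusted-domain list is an assumption and the sample message is constructed with reserved `.example` hosts.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: domains treated as genuinely ANZ-owned for this example.
TRUSTED_DOMAINS = {"anz.com", "anz.com.au"}
BRAND = "anz"

def is_trusted(host):
    """True only for a trusted domain or a real subdomain of one (no substring match)."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)

class LinkCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def check_email(raw):
    """Return findings for a spoofed display name and for off-brand link hosts."""
    msg = message_from_string(raw)
    findings = []
    display, addr = parseaddr(msg.get("From", ""))
    sender_domain = addr.rpartition("@")[2]
    if BRAND in display.lower() and not is_trusted(sender_domain):
        findings.append(f"display name '{display}' but sender domain is {sender_domain}")
    collector = LinkCollector()
    collector.feed(msg.get_payload())
    for href in collector.hrefs:
        host = urlsplit(href).hostname
        if host and not is_trusted(host):
            findings.append(f"link points to {host}, not an ANZ domain")
    return findings

# Constructed sample message (not the email from the screenshot).
SAMPLE = """From: ANZ <alerts@mail-notify.example>
Subject: Your online access has been temporarily suspended
Content-Type: text/html

<p>Please <a href="https://anz.com.secure-login.example/verify">log on to
ANZ Internet Banking</a> to restore access.</p>
"""

if __name__ == "__main__":
    print("\n".join(check_email(SAMPLE)))
```

The sample link host begins with `anz.com`, so a check that only looks for the brand name inside the URL would pass it; matching on the end of the hostname does not.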
Submitting your login credentials into the provided form directs you to a ‘Restore Access for ANZ Internet Banking’ verification process.
The victim is prompted to enter verification information including their Date of Birth and Credit Card details. The target is promised that access will be restored to their online banking account upon submitting these details.
After successful submission, the victim is redirected to the official ANZ landing page via a fake processing page.
Let’s take a look at what this scammer now has access to:
ANZ customers are often the target of zero-day email phishing scams. Cyber criminals are growing increasingly sophisticated in how they orchestrate attacks, so it’s important to exercise vigilance when carrying out daily, menial tasks like sifting through emails in your inbox.
As a precaution, we urge you to delete any emails that meet the following phishing checklist:
ANZ offers safe and secure online banking, and helps to identify and report email scams purporting to be from them. You can verify the authenticity of any contact you aren’t sure about, or report a scam, by calling them.
Educating staff and employing cloud-based email and web filtering is your first and best line of defence. Complement this multilayered defence with on-premise antivirus, anti-malware and anti-spyware solutions. This will go a long way to mitigating the risk from a wide range of email scams.
Keep up to date on the latest email scams by subscribing to MailGuard’s weekly update or following us on social media.