ANZ phishing email scam tells users their security challenge answers are ‘incorrect’

Posted by Akankasha Dewan on 24 May 2019 10:36:24 AEST

Cybercriminals have once again exploited ANZ Banking Group’s trademarks in a phishing email scam.

First detected by MailGuard on 23rd May (AEST), this email scam uses a display name of 'ANZ' and is titled ‘Successful BPAY Payment Advice.’

The body of the email explains that the user-requested BPAY payment has been successful. Several payment related details are provided, such as customer code, payment amount, payment date etc.   A link is included to ‘view transaction history and provide detail’.

Here is a screenshot of the email:

ANZ 23_05_19

Unsuspecting recipients who click on the link are directed to a URL that points to another URL. Both URLs have been analyzed by MailGuard and they resulted clean.

The second URL leads to a legitimate looking copy of the ANZ login page, as per the below screenshot:

ANZ 2_24

Upon entering their log in details, users are redirected to a page that simulates a blocked account scenario with 3 challenge questions to be answered:

anz 3-24

Once the users have answered all 3 questions, they are then informed that their answers are incorrect:


This sole purpose of this elaborate phishing scam is to harvest the login credentials of ANZ customers so the criminals behind this scam can break into their bank accounts.

By typing in your account number and password, you’re handing this sensitive account information to cybercriminals.

If you also tell the scammers details of your security questions and answers, it allows them to attempt other fraudulent actions, such as calling them back and trying to access your accounts.

If you have received this email, please report it to ANZ's Internet Banking team on 13 33 50 (International +61 3 9683 8833).

As you can see from all the screenshots above, cybercriminals have taken great pains to replicate official landing pages from ANZ – including incorporating the bank’s branding and logo using high-quality graphical elements. All this is done in an attempt to trick the users into thinking the scam is legitimate.

It is also interesting to note that the body of the scam email is, ironically, focused on enhancing the usage of a key safety feature i.e. the bank’s challenge questions. This only adds on to the sense of legitimacy evoked by the email as updates on account safety is a common notification expected of such a well-established bank. All this serves to elicit a more confident response from recipients who think they are, in fact, making their accounts more secure by clicking on the provided link and entering their confidential login details.    

Despite this, vigilant cyber users should be able to spot several tell-tale signs in the email itself which point to its illegitimacy. These include the fact that the email doesn’t address the recipient by name and contains no ANZ-related branding save the display name.

How ANZ fights phishing attempts

ANZ is vigilant about customer security. The bank advises that it does not send emails asking for personal information or security credentials.

Recipients can access more information on The ANZ Security Centre found here:

ANZ also offers these tips on preventing online fraud attempts:

  • Check the address bar of your browser to see if ANZ’s website address has changed from http:// to https://
  • Check to see if a security icon that looks like a lock or a key is visible near the address bar on any page that you need to enter your security credentials.

To minimise your chances of becoming a victim of a phishing scam, ANZ advises:

  • Don’t respond to emails requesting personal information or security credentials.
  • Change passwords on a regular basis.
  • Keep your antivirus and firewalls up to date and perform regular scans on your computer.

Keep up to date on the latest email scams by subscribing to MailGuard’s weekly update or follow us on social media.


One email

Cybercriminals use email scams to infiltrate organisations with malware and attack them from the inside. 

All criminals need to break into your business is a cleverly worded message. If they can trick one person in your company into clicking on a malicious link they can gain access to your data.

For a few dollars per staff member per month, you can protect your business with MailGuard's predictive email security.
Talk to an expert at MailGuard today about making your company's network secure: click here.


Stay up-to-date with new posts on the MailGuard Blog by subscribing to free updates. Click on the button below: 

Keep Informed with Weekly Updates



Topics: Xero

Back to Blog


    Something Powerful

    Tell The Reader More

    The headline and subheader tells us what you're offering, and the form header closes the deal. Over here you can explain why your offer is so great it's worth filling out a form for.


    • Bullets are great
    • For spelling out benefits and
    • Turning visitors into leads.

    Recent Posts

    Posts by Topic

    see all