An email scam using a fake ANZ Bank login page is dropping on inboxes today.
MailGuard detected the new scam which uses sophisticated graphical elements to create the illusion of genuine ANZ branding.
Cybercriminals attempt to gain the trust of unsuspecting scam victims by exploiting the trademarks of trusted companies.
ANZ Bank, like many other high profile organisations, has been brandjacked in email scams detected by MailGuard before.
The object of this scam is to harvest the login details and personal data of victims.
The email sent by the scammers (shown below) asks them to follow a link and login to their ANZ account:
If they click on the link in the email, the victim is sent to a phishing site that is designed to look like an ANZ banking login page but actually collects their information for identity theft purposes:
The sending email addresses and website URLs used in this cybercrime attack see to be existing URLs that have been hacked and compromised.
Although the ‘sender’ name on the email is “Australia and New Zealand Banking Group.au,” the actual sending addresses are associated with the @balikesir.academia.edu email domain.
Some examples of the scam sender addresses are:
- abibcv@balikesir.academia.edu
- ajicxj@balikesir.academia.edu
- bnvjvc@balikesir.academia.edu
- ddarin@balikesir.academia.edu
- dxpcro@balikesir.academia.edu
- etxbmn@balikesir.academia.edu
- fmhzrk@balikesir.academia.edu
- gbgjdi@balikesir.academia.edu
- gchgum@balikesir.academia.edu
- gutxys@balikesir.academia.edu
- gyqxka@balikesir.academia.edu
- huknag@balikesir.academia.edu
- khncbq@balikesir.academia.edu
- khwfoi@balikesir.academia.edu
- lgfkhl@balikesir.academia.edu
- lmveva@balikesir.academia.edu
- mgclli@balikesir.academia.edu
- mrzpwc@balikesir.academia.edu
At time of writing, no other security vendors are detecting this attack.
MailGuard has alerted ANZ Bank on social media to help them protect their customers from this pernicious scam.
#ZERODAY #FastBreak phishing scam: basic plain text email links to a legit @ANZ_AU #phishing site. Sender email and domain hosting the site appear to be compromised. More details shortly on the blog: https://t.co/LXSJ502hDz#EmailScam #Phishing #CyberCrime @scamwatch_gov pic.twitter.com/ctuFLi0VoS
— MailGuard (@MailGuard) April 19, 2018
Please share this threat alert with your social media network and help your contacts avoid falling prey to this scam.
Brandjacking
If your company’s email accounts aren’t protected, brandjacking emails are almost certainly being received by your staff. Cybercriminals know we can be tricked; that’s why they send out millions of scam messages and put so much effort into making them look convincing.
People are not machines; we are all capable of making bad judgement calls. Without email filtering protecting your business, it’s just a matter of time before someone in your organisation has a momentary lapse of judgement and clicks on the wrong thing.
For a few dollars per staff member per month, you can protect your business with MailGuard's predictive email security.
Talk to an expert at MailGuard today about making your company's network secure: click here.
Stay up-to-date with new posts on the MailGuard Blog by subscribing to free updates. Click on the button below:
