MailGuard have identified and successfully blocked an email phishing scam orchestrated by a team of cyber criminals targeting ANZ customers.
This zero day threat preys on the trust of ANZ customers and mimics characteristics of ANZ brand communications to fool customers into believing this email is legitimate.
Here is a screenshot of the type of email to watch out for:
As you can see in the example above, the fraudsters have forged the sender address to match the purported sender’s legitimate domain - this email appears to originate from ‘firstname.lastname@example.org’.
Additionally, this variation also incorporates official branding including the ANZ email header and footer.
Employees of high-pressure businesses, often multi-tasking and overloaded with tasks, can be left exposed to scams like this. The authentic-looking sender address and brand graphics might be enough to verify the legitimacy of this email as official correspondence for these recipients.
This simple oversight is what spammers exploit; it only takes a moment of inattention or a lack of vigilance to be infiltrated.
Fortunately, there are a number of elements we can look at to identify this email as a scam and immediately delete it.
- The impersonal salutation, ‘Dear Customer’.
- The poor written English and grammatical mistakes littered throughout, especially considering the purported sender is a well-known Australian organisation.
- The requirement to click a link in the email body to verify your identity. Banks are aware that cyber criminals send phishing scam emails including links to compromised websites. Your bank will always instruct you to go to their website directly, and not log into your account via a link through an email.
- Hover over the ‘click here’ destination link to identify the malicious URL.
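The salutation and link-destination checks from the list above can also be run automatically over an HTML email body. The following Python example is added here and is not MailGuard's filtering code; the trusted domain `anz.com`, the function names and the constructed sample message (with a made-up lookalike host on the reserved `.example` TLD) are assumptions.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: the registrable domain of the brand being protected.
TRUSTED_DOMAINS = {"anz.com"}
GENERIC_GREETING = re.compile(r"\bdear\s+(customer|client|user|member)\b", re.I)

class LinkCollector(HTMLParser):
    """Collects [href, visible text] for every <a> tag, plus the body text."""
    def __init__(self):
        super().__init__()
        self.links, self.text, self._in_link = [], [], False

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._in_link = True
            self.links.append([dict(attrs).get("href") or "", ""])

    def handle_data(self, data):
        self.text.append(data)
        if self._in_link:
            self.links[-1][1] += data

    def handle_endtag(self, tag):
        if tag == "a":
            self._in_link = False

def is_trusted(host):
    # Exact match or a true subdomain; "anz.com.evil.example" does not pass.
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)

def phishing_indicators(html_body):
    parser = LinkCollector()
    parser.feed(html_body)
    findings = []
    if GENERIC_GREETING.search(" ".join(parser.text)):
        findings.append("impersonal salutation")
    for href, label in parser.links:
        url = urlsplit(href)
        if url.scheme in ("http", "https") and not is_trusted(url.hostname):
            findings.append(f"link '{label.strip()}' goes to untrusted host {url.hostname}")
    return findings

# Constructed sample body, not taken from the real campaign.
SAMPLE = ('<p>Dear Customer,</p><p>Your account is limited. '
          '<a href="http://anz.com.secure-login.example/login">click here</a> to verify.</p>')
```

The check reads the real `href` rather than the visible link text, which is what hovering over the link reveals to a human reader.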
Upon clicking the link, the recipient is directed to the fake login page you see above. This is an exact copy of the official ANZ login page. The offending cyber criminals have even replicated the ‘online security’ information available in the right sidebar of the legitimate website.
The only giveaway of its inauthenticity is the URL highlighted in the address bar. As part of this sophisticated campaign, the cybercriminals have made an attempt to replicate the ANZ online banking URL.
As you can see in the screenshot of the official ANZ login page URL below, the URLs seem relatively similar to the untrained eye. It’s also important to recognise the SSL certification - which should be present when logging into internet banking (as shown below).
Submitting your login credentials into the provided form directs you to a ‘Limited account’ verification process.
The victim is prompted to enter further, more personal, verification details to remove their account limitation.
Upon clicking ‘update information’, the target is then redirected to a legitimate ANZ security landing page and led to believe that a bug may have caused the failure to remove the limit on their account.
Let’s take a look at what this scammer now has access to:
- Your ANZ banking account
- The debit/credit card information, all details of which you just disclosed
- Verification information (first and last name, date of birth) that can be used to pass verification checks and gain access to other services
ANZ customers have been hit particularly hard by zero day phishing threats; here is another variation we have reported on to be vigilant against.
ANZ offers a comprehensive online resource to help identify and report email scams purporting to be from them. You can verify the authenticity of any contact you aren’t sure about, or report a scam, by calling them.
Educating staff and employing cloud-based email and web filtering is your first and best line of defence. Complement this multilayered defence with on-premise antivirus, anti-malware and anti-spyware solutions. This will go a long way to mitigating the risk from a wide range of email scams.
Keep up to date on the latest email scams by subscribing to MailGuard’s weekly update or follow us on social media.