Akankasha Dewan 25 November 2019 12:20:57 AEDT 5 MIN READ

Phishing email impersonating ANZ Bank uses safety disclaimers to trick recipients

ANZ Banking Group’s trademarks have once again been exploited in a new phishing email scam.

The malicious emails are infiltrating inboxes using a display name of ‘ANZ Internet Banking’ and are titled ‘ANZ INTERNET BANKING ACCOUNT ALERT’. The sending address displayed in the 'From' field uses the domain '@alert.com'. MailGuard detected the emails actually come from a compromised email account.

The message body contains a high-quality ANZ logo and advises the recipient they have a ‘pending verification waiting to validate’ and that they should log in to their account to view this message. A link is included to ‘View Your Message’ along with today’s date.

Here is a screenshot of the email:

[Screenshot: the phishing email]

Unsuspecting recipients who click on the link are led directly to a legitimate-looking copy of the ANZ login page that asks for their confidential details. This is actually a phishing page.

[Screenshot: the fake ANZ login page]

Users who enter their details and click ‘Log on’ are led to a 'security page' once again spoofing ANZ’s branding & logo. This page asks users to 'verify' their security questions and answers.

[Screenshot: the fake ‘security page’ asking for security questions and answers]

Once all of the above fields have been completed and recipients click ‘Continue’, a message appears on screen thanking them for using ANZ Internet Banking, as per the below:

[Screenshot: the ‘thank you’ message shown after ‘Continue’]

Clicking ‘OK’ finally redirects the recipient to the actual ANZ website.

The sole purpose of this elaborate phishing scam is to harvest the login credentials of ANZ customers so the criminals behind this scam can break into their bank accounts.

MailGuard has notified ANZ Australia of this email scam. If you have received this email, please report it to ANZ's Internet Banking team on 13 33 50 (International +61 3 9683 8833).

As you can see from all the screenshots above, cybercriminals have taken great pains to replicate official landing pages from ANZ – including incorporating the bank’s branding and logo using high-quality graphical elements. All this is done in an attempt to trick the users into thinking the scam is legitimate.

It is also interesting to note that the body of the scam email includes a note explaining that due to ‘privacy & security reasons’, it is unable to include personal details like the recipient’s account name and number. The lack of these details is widely considered to be a red flag associated with scam emails. Including a reason to explain why these details have been omitted is therefore an attempt by the cybercriminals to provide a justification for this red flag and boost the credibility of the email.

A focus on security is, ironically, a key feature of this scam email, considering the additional security reminder in the email footer that ANZ will ‘NEVER send an email which includes a link that redirects you to logon to internet banking’. These security reminders are commonly expected of such a well-established bank. All this serves to elicit a more confident response from recipients who think they are validating their accounts by clicking on the provided link and entering their confidential login details.    

However, despite these attempts, this email scam contains several other tell-tale signs that point to its illegitimacy. These include grammatical errors like 'banking account have a pending verification' as well as spacing errors. 
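As an added illustration (not MailGuard's or ANZ's code), the Python below sketches a mail-filter check for the indicators described above: a display name or subject that names the bank while the displayed sender domain is unrelated, a ‘View Your Message’ logon link, and the quoted grammatical error. The brand-domain list and both sample messages are constructed assumptions for the example.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr

# Assumption: the brand's own mail comes only from these domains.
BRAND_DOMAINS = {"anz": ("anz.com", "anz.com.au")}

# Constructed sample modelled on the indicators described in the post
# (display name, subject, '@alert.com' sender, 'View Your Message' link).
SAMPLE_PHISH = (
    "From: ANZ Internet Banking <noreply@alert.com>\n"
    "Subject: ANZ INTERNET BANKING ACCOUNT ALERT\n"
    "Content-Type: text/html\n\n"
    "<p>Your banking account have a pending verification waiting to validate.</p>\n"
    '<a href="http://logon.example.invalid/anz">View Your Message</a>\n'
)

# Constructed benign message: brand domain, no logon link.
SAMPLE_LEGIT = (
    "From: ANZ <noreply@anz.com.au>\n"
    "Subject: Your statement is ready\n"
    "Content-Type: text/plain\n\n"
    "Type anz.com.au into your browser to log on.\n"
)

def _domain_matches(domain, allowed):
    return any(domain == a or domain.endswith("." + a) for a in allowed)

def phishing_indicators(raw):
    """Return the reasons a raw RFC 822 message looks like brand impersonation."""
    msg = message_from_string(raw, policy=policy.default)
    display, address = parseaddr(msg.get("From", ""))
    domain = address.rpartition("@")[2].lower()
    subject = msg.get("Subject", "")
    body = msg.get_body(preferencelist=("html", "plain"))
    text = body.get_content() if body else ""
    reasons = []
    # Displayed From domain only; the real origin (a compromised account
    # in this campaign) would need Received-header / SPF / DKIM analysis.
    for brand, allowed in BRAND_DOMAINS.items():
        named = brand in display.lower() or brand in subject.lower()
        if named and not _domain_matches(domain, allowed):
            reasons.append(f"names {brand!r} but sender domain is {domain!r}")
    # Logon-style links: the post notes ANZ says it never emails such links.
    for href, anchor in re.findall(r'<a[^>]+href="([^"]+)"[^>]*>(.*?)</a>', text, re.I | re.S):
        if re.search(r"view your message|log ?on", anchor, re.I):
            reasons.append(f"logon-style link {anchor.strip()!r} -> {href}")
    if re.search(r"account have a pending verification", text, re.I):
        reasons.append("grammatical error quoted in the post")
    return reasons
```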

What to do if you have received this email

Recipients who have received such a hoax/suspicious email claiming to be from ANZ are advised to do the following:

  1. Do NOT click on any unexpected/unusual links or open attachments.
  2. Forward the suspicious email or SMS to hoax@cybersecurity.anz.com
  3. Delete the message from your inbox.

Recipients can access more information on The ANZ Security Centre found here: https://www.anz.com.au/security/protect-your-virtual-valuables/scams/

ANZ also offers these tips on preventing online fraud attempts:

  • Check the address bar of your browser to see if ANZ’s website address has changed from http:// to https://.
  • Check to see if a security icon that looks like a lock or a key is visible near the address bar on any page that you need to enter your security credentials.

To minimise your chances of becoming a victim of a phishing scam, ANZ advises:

  • Don’t respond to emails requesting personal information or security credentials.
  • Change passwords on a regular basis.
  • Keep your antivirus and firewalls up to date and perform regular scans on your computer.

It's time to get the protection your business needs. 

Cybercriminals use email scams to infiltrate organisations with malware and attack them from the inside. All criminals need to break into your business is a cleverly-worded message. If they can trick one person in your company into clicking on a malicious link they can gain access to your data.

Educating staff and employing cloud-based email and web filtering is your first and best line of defence. Complement this multi-layered defence with on-premise antivirus, anti-malware and anti-spyware solutions. This will go a long way to mitigating the risk from a wide range of email scams.

MailGuard is protecting our customers from being infected by this widespread, sophisticated email scam.

Add MailGuard's cloud-based email filtering solution to your business security and stop malicious emails entering your network. Click here to get more information about our cyber-security solutions.
