Akankasha Dewan 20 April 2020 18:12:14 AEST 4 MIN READ

Phishing email spoofing ANZ asks for users’ phone numbers in pre-drafted email

Cybercriminals have once again exploited ANZ Banking Group’s trademarks in a phishing email scam.

The email’s subject line includes an invoice number, and the display name is “Visa Secure|ANZ”. The sender’s email address does begin with the words “anz-invoice”, but it uses a domain that does not belong to the bank. The email actually originates from a single email address created ad hoc for this scam.

Here is a screenshot of the email:

[Screenshot: ANZ scam email, 20 April 2020]

Upon clicking the link, an email draft pops up with the “to:” field pre-filled with an email address. While this address begins with “contact.anz”, its domain does not belong to ANZ. The “from:” field is empty, and the subject line of the draft is the same as that of the original email the user received. A line in the body of the draft tells the recipient to insert his/her phone number in order to get a call “as soon as possible to confirm some information”.

Here is a screenshot of this draft email:

[Screenshot: pre-drafted reply email, 20 April 2020]

The sole purpose of this phishing scam is to harvest the phone numbers of ANZ customers. If you have received this email, please report it to ANZ's Internet Banking team on 13 33 50 (International +61 3 9683 8833).

A key feature of this email scam is that it does not include any malicious links in the email. Instead, by opening a pre-populated email draft that asks for the user’s personal data, it attempts to evade email security filters that rely on spotting malicious URLs and may therefore not identify it as a scam.

Here are some additional techniques it employs to trick users:

  • The use of a display name like “Visa Secure|ANZ” and a subject line containing an invoice number: this attempts to convince recipients not only that the email comes from a secure, credible source, but also that a legitimate invoice (with a number) has been generated.

  • The email includes high-quality branding elements like ANZ’s logo – again helping to boost the page’s legitimacy.

  • The body of the email begins with an obfuscated credit card number - again, this is done to convince recipients that the sender actually does have their account details and that an unauthorized transaction request actually has been made. This can be concerning and alarming for recipients, who may respond to the email immediately without pausing to check for the legitimacy of the email.
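As an added example (not MailGuard's or ANZ's code), here is a small Python triage check for the two traits described above: a bank brand in the From display name paired with a sender domain the bank does not own, and a `mailto:` link whose draft is pre-filled and addressed outside the bank's domains. The legitimate-domain list and the sample message are constructed assumptions for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit, parse_qs, unquote

# Assumed list of domains the bank really sends from; a real deployment
# would load the organisation's verified sender list instead.
LEGIT_DOMAINS = {"anz.com", "anz.com.au"}
BRAND_WORDS = ("anz", "visa secure")

# Matches href="mailto:..." attributes in an HTML body.
MAILTO_RE = re.compile(r'href\s*=\s*["\']?(mailto:[^"\'>\s]+)', re.I)

def domain_of(addr):
    """Lower-cased domain part of an address, or '' if there is none."""
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""

def brand_impersonated(display_name, addr):
    """Brand name in the display name but sender domain not owned by the brand."""
    name = display_name.lower()
    return any(b in name for b in BRAND_WORDS) and domain_of(addr) not in LEGIT_DOMAINS

def suspicious_mailtos(html):
    """mailto: targets that pre-fill subject/body and point off-brand."""
    hits = []
    for uri in MAILTO_RE.findall(html):
        parts = urlsplit(uri)                 # path = recipient, query = draft fields
        recipient = unquote(parts.path)
        params = parse_qs(parts.query)
        prefilled = {k for k in ("subject", "body") if k in params}
        if prefilled and domain_of(recipient) not in LEGIT_DOMAINS:
            hits.append((recipient, sorted(prefilled)))
    return hits

def analyse(raw):
    """Return human-readable findings for one raw RFC 822 message."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    findings = []
    if brand_impersonated(name, addr):
        findings.append(f"display name '{name}' but sender domain {domain_of(addr)}")
    for rcpt, keys in suspicious_mailtos(msg.get_payload()):
        findings.append(f"mailto draft to {rcpt} pre-fills {','.join(keys)}")
    return findings

# Constructed sample mirroring the shape of the scam (not the real email).
SAMPLE = """From: "Visa Secure|ANZ" <anz-invoice@example.test>
Subject: Invoice 000000
Content-Type: text/html

<p>Card ****1234. Please <a href="mailto:contact.anz@example.test?subject=Invoice%20000000&body=Insert%20your%20phone%20number">confirm</a></p>
"""
```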

Despite these techniques, eagle-eyed recipients would be able to spot several red flags that point to the email’s inauthenticity. These include the fact that the email doesn’t address the recipient directly, and that the email domains used both in the original email and in the draft email don’t belong to ANZ.

How ANZ fights phishing attempts

ANZ is vigilant about customer security. The bank advises that it does not send emails asking for personal information or security credentials.

Recipients can access more information on The ANZ Security Centre found here: https://www.anz.com.au/security/protect-your-virtual-valuables/scams/

ANZ also offers these tips on preventing online fraud attempts:

  • Check the address bar of your browser to see if ANZ’s website address has changed from http:// to https://
  • Check to see if a security icon that looks like a lock or a key is visible near the address bar on any page that you need to enter your security credentials.

To minimise your chances of becoming a victim of a phishing scam, ANZ advises:

  • Don’t respond to emails requesting personal information or security credentials.
  • Change passwords on a regular basis.
  • Keep your antivirus and firewalls up to date and perform regular scans on your computer.

Keep up to date on the latest email scams by subscribing to MailGuard’s weekly update or follow us on social media.

Don't get scammed

If your company’s email accounts aren’t protected, emails like the one above are almost certainly being received by your staff. Cybercriminals know people can be tricked; that’s why they send out millions of scam messages and put so much effort into making them look convincing.

People are not machines; we're all capable of making bad judgement calls. Without email filtering protecting your business, it’s just a matter of time before someone in your organisation has a momentary lapse of judgement and clicks on the wrong thing.

One email is all that it takes

All that it takes to break into your business is a cleverly-worded email message. If scammers can trick one person in your company into clicking on a malicious link they can gain access to your data.

For a few dollars per staff member per month, you can protect your business with MailGuard's predictive and advanced email security.

Talk to a solution consultant at MailGuard today about securing your company's network.
