MailGuard 23 August 2021 13:51:57 AEST 10 MIN READ

'Suspicious Login' Phishing Email Purports to be from ANZ

ANZ Banking Group customers be wary of ‘alert’ emails claiming there has been a ‘Suspicious Login’ attempt on your online banking account. Targeting over 9 million customers of the bank, the cybercriminals have crafted the phishing email to steal personal details from clients for credential harvesting, and likely for fraudulent payments. It’s not surprising that criminals have spoofed a trusted name such as ANZ.  

Banks and financial services businesses are frequently the subject of email-based cybercrimes, due to their large number of customers and the value of their data and credentials. Earlier this month MailGuard intercepted a similar email scam impersonating Commonwealth Bank (CBA), and a scam spoofing National Australia Bank (NAB) earlier this year.  

The ANZ email looks like this: 


The email purports to come from a legitimate ANZ website (“”), however it actually comes from an email marketing tool named Sendgrid. Once a victim clicks on the ‘Form Ready’ button, they are taken to the following page that asks them to enter their online banking details in order to continue restoring their account. Note, the pages are neat and reflective of ANZ branding and colouring 


After ‘logging in’ the victim is asked to enter their ANZ credit or debit card number, followed by the CCV2, Expiry Date and Date of Birth details to ‘verify’ the identification of the customer. The phishing pages appear to be hosted by a company called “orangewebsite”.  



After entering this information, the victim is taken to the final page that tells the customer that their account has been confirmed, and access to their online account has now been verified.  


The accurate use of ANZ branding and consistent styling can easily mislead victims into thinking that this was a legitimate alert from the bank. Entering personal details such as your credit card information provides criminals with data need to steal funds from your account or execute other fraudulent payments, along with credential harvesting for use in other criminal activity such as identity fraud.  

Despite this attempt by scammers to steal sensitive financial data, upon closer inspection, recipients can identify grammatical errors found in the body of the email, as well as the odd request to enter your credit card details for verification purposes.  

ANZ Banks provides the following advice to its’ customers: 

“How ANZ fights phishing attempts 

ANZ is vigilant about customer security. The bank advises that it does not send emails asking for personal information or security credentials. 

Recipients can access more information on The ANZ Security Centre found here: 

ANZ also offers these tips on preventing online fraud attempts: 

  • Check the address bar of your browser to see if ANZ’s website address has changed from http:// to https:// 
  • Check to see if a security icon that looks like a lock or a key is visible near the address bar on any page that you need to enter your security credentials. 

To minimise your chances of becoming a victim of a phishing scam, ANZ advises: 

  • Don’t respond to emails requesting personal information or security credentials. 
  • Change passwords on a regular basis. 
  • Keep your antivirus and firewalls up to date and perform regular scans on your computer.” 

MailGuard urges all recipients of this email to delete it immediately without clicking on any links. Providing your personal details can result in your sensitive information being used for criminal activity and may have a severe negative impact on your financial well-being.  

MailGuard urges users not to click links or open attachments within emails that:   

  • Are not addressed to you by name.   
  • Appear to be from a legitimate company but use poor English, or omit personal details that a legitimate sender would include.   
  • Are from businesses that you were not expecting to hear from, and/or   
  • Take you to a landing page or website that is not the legitimate URL of the company the email is purporting to be sent from.   

One email is all that it takes   

All that it takes to devastate your business is a cleverly worded email message that can steal sensitive user credentials or disrupt your business operations. If scammers can trick one person in your company into clicking on a malicious link or attachment, they can gain access to your data or inflict damage on your business.   

For a few dollars per staff member per month, you can protect your business with MailGuard's predictive and advanced email security. Talk to a solution consultant at MailGuard today about securing your company's network.

Stay up-to-date with MailGuard's latest blog posts by subscribing to free updates. Subscribe to weekly updates by clicking on the button below.

Keep Informed with Weekly Updates