Akankasha Dewan 06 March 2019 11:10:08 AEDT 4 MIN READ

Warning: ANZ Bank impersonated in phishing email that asks users to confirm ‘challenge questions’

ANZ Banking Group’s trademarks have been exploited in a new phishing email scam.

First detected by MailGuard yesterday afternoon (AEDT), the hallmark of this scam lies in how authentic it looks – right from the actual email that is infiltrating inboxes to the exceedingly legitimate-looking fake ANZ landing pages that are linked to this email.

Using a display name of 'Support' the email is actually sent using Amazon web services. The ‘from’ address within the message uses the domain ‘@anzsupport.cf’.

The body of the email explains the bank’s use of challenge questions for securing accounts. Recipients are then informed that they need to confirm their challenge questions and answers. A link is provided to sign in and confirm these.

Here is a screenshot of the email:

ANZ 1-2

Unsuspecting recipients who click on the link are led to an ANZ branded site with a field for Customer Registration Number and password:


Once the user clicks login, they are taken to a second page asking them to select 3 challenge questions and enter the answers. If the user then confirms their challenge questions, they are redirected to the actual ANZ website.


This sole purpose of this elaborate phishing scam is to harvest the login credentials of ANZ customers so the criminals behind this scam can break into their bank accounts.

By typing in your account number and password, you’re handing this sensitive account information to cybercriminals.

If you also tell the scammers your security question, it allows them to attempt other fraudulent actions, such as calling them back and trying to access your accounts.

MailGuard has notified ANZ Australia of this email scam. If you have received this email, please report it to ANZ's Internet Banking team on 13 33 50 (International +61 3 9683 8833).

As you can see from all the screenshots above, cybercriminals have taken great pains to replicate official landing pages from ANZ – including incorporating the bank’s branding and logo using high-quality graphical elements. All this is done in an attempt to trick the users into thinking the scam is legitimate.

It is also interesting to note that the body of the scam email is, ironically, focused on enhancing the usage of a key safety feature i.e. the bank’s challenge questions. This only adds on to the sense of legitimacy evoked by the email as updates on account safety is a common notification expected of such a well-established bank. All this serves to elicit a more confident response from recipients who think they are, in fact, making their accounts more secure by clicking on the provided link and entering their confidential login details.    

How ANZ fights phishing attempts

ANZ is vigilant about customer security. The bank advises that it does not send emails asking for personal information or security credentials.

Responding to our query for a comment, a representative from ANZ advised recipients who have received such a hoax/suspicious email or text claiming to be from ANZ to do the following:

  1. Do NOT click on any unexpected/unusual links or open attachments.
  2. Forward the suspicious email or SMS to hoax@cybersecurity.anz.com
  3. Delete the message from your inbox.

The representative also advised recipients to contact the bank immediately if they have shared any banking details in response to this email, "accidentally clicked on any links or downloaded any attachments, or noticed any unusual transactions" on their accounts.

"Remember that ANZ will never send you an email/SMS asking for your account details, financial details, or your log in details for ANZ Phone Banking, ANZ Mobile Banking or ANZ Internet Banking," the representative stated.

Recipients can access more information on The ANZ Security Centre found here: https://www.anz.com.au/security/protect-your-virtual-valuables/scams/

ANZ also offers these tips on preventing online fraud attempts:

  • Check the address bar of your browser to see if ANZ’s website address has changed from http:// to https://
  • Check to see if a security icon that looks like a lock or a key is visible near the address bar on any page that you need to enter your security credentials.

To minimise your chances of becoming a victim of a phishing scam, ANZ advises:

  • Don’t respond to emails requesting personal information or security credentials.
  • Change passwords on a regular basis.
  • Keep your antivirus and firewalls up to date and perform regular scans on your computer.

Keep up to date on the latest email scams by subscribing to MailGuard’s weekly update or follow us on social media.

For a few dollars per staff member per month, add MailGuard's cloud-based email and web filtering solution to your business security. You’ll significantly reduce the risk of new variants of malicious email from entering your network. Talk to an expert at MailGuard today about your company's cybersecurity needs: expert@mailguard.com.au

Keep up to date on the latest email scams by subscribing to MailGuard’s weekly update, or follow us on Twitter @MailGuard.

Keep Informed with Weekly Updates


^ Back to Top