Jaclyn McRae 11 July 2017 12:13:01 AEST 3 MIN READ

Warning: ANZ impersonated in high-risk malware scam

 A highly-convincing fake ANZ bank invoice is today targeting customers with data-stealing malware.

The scam email hit a large number of inboxes in a short space of time this morning, starting at 9.05am.

The savvy cybercriminals leave little to chance in their efforts to dupe victims.

The formatting, grammar and branding are near-perfect.

Cheekily, they even include a security notice advising that ‘ANZ will not send you an email or SMS asking you to verify account details, financial details or login details for ANZ Phone Banking, ANZ Internet Banking or ANZ Mobile Banking’.

This advice is included on legitimate statement emails from ANZ, and references well-known scams designed to lure people into handing over access to their online accounts.

Here's the fake statement email:

fake ANZ statement email 1 MailGuard July11.png

And here's a legitimate ANZ statement email, sent in recent weeks:

Legitimate ANZ statement email 3 MailGuard July11.jpg

How to tell this is a fake

Two key things set apart the fake from a legitimate ANZ statement email.

ANZ bank, following industry best-practice, tells its customers their statement is available and to log on to ANZ Internet Banking to view it.

But the scam version has a ‘View statement’ button. This button launches the download of malware onto a victim’s system. It takes the form of a .ZIP archive file containing a malicious JavaScript file.

The exact type of malware isn’t yet clear, but it is designed to:

  • Steal private information from local internet browsers
  • Install itself for autorun at Windows startup
  • Implement a process that significantly delays the analysis task.

fake ANZ statement email 2 MailGuard July11.png fake ANZ statement email 3 MailGuard July11.png

Extra details

Today’s attempt comes from a domain registered in China two days ago.

The display name is statements@anzcommunications.anz.com – which is the same domain used by ANZ to issue legitimate invoice statement notices.

But those who hover over the address can see the real address is different: statements @ anzhost.org. This is where it really comes from.

While MailGuard customers are protected against this, many Australians will be vulnerable.

Scams step up in scale

The past month has seen a huge uptick in fraud emails, both in frequency and scale. An enormous ASIC malware attack yesterday inundated inboxes for 24 hours, while Origin Energy, MYOB, Energy Australia and Westpac have also had their brands leveraged.

Advice from ANZ on reporting fraud

“Quick rule of thumb: if it sounds too good to be true, it probably is,” ANZ advises.

“Delete the email or SMS immediately. Please contact the ANZ helpdesk immediately if you have:

  • Clicked on any links or downloaded any attachments
  • Responded to the hoax email, SMS or phone call with your banking details
  • Noticed any unusual payments.”

For a few dollars per staff member per month, add MailGuard's cloud-based email and web security to your business security. You’ll significantly reduce the risk of new variants of malicious email from entering your network.

Keep Informed with Weekly Updates


^ Back to Top