The scam email hit a large number of inboxes in a short space of time this morning, starting at 9.05am.
The savvy cybercriminals leave little to chance in their efforts to dupe victims.
The formatting, grammar and branding are near-perfect.
Cheekily, they even include a security notice advising that ‘ANZ will not send you an email or SMS asking you to verify account details, financial details or login details for ANZ Phone Banking, ANZ Internet Banking or ANZ Mobile Banking’.
This advice is included on legitimate statement emails from ANZ, and references well-known scams designed to lure people into handing over access to their online accounts.
Here's the fake statement email:
And here's a legitimate ANZ statement email, sent in recent weeks:
How to tell this is a fake
Two key things set apart the fake from a legitimate ANZ statement email.
ANZ bank, following industry best-practice, tells its customers their statement is available and to log on to ANZ Internet Banking to view it.
The exact type of malware isn’t yet clear, but it is designed to:
- Steal private information from local internet browsers
- Install itself for autorun at Windows startup
- Implement a process that significantly delays the analysis task.
Today’s attempt comes from a domain registered in China two days ago.
The display name is firstname.lastname@example.org – which is the same domain used by ANZ to issue legitimate invoice statement notices.
But those who hover over the address can see the real address is different: statements @ anzhost.org. This is where it really comes from.
While MailGuard customers are protected against this, many Australians will be vulnerable.
Scams step up in scale
The past month has seen a huge uptick in fraud emails, both in frequency and scale. An enormous ASIC malware attack yesterday inundated inboxes for 24 hours, while Origin Energy, MYOB, Energy Australia and Westpac have also had their brands leveraged.
Advice from ANZ on reporting fraud
“Quick rule of thumb: if it sounds too good to be true, it probably is,” ANZ advises.
“Delete the email or SMS immediately. Please contact the ANZ helpdesk immediately if you have:
- Clicked on any links or downloaded any attachments
- Responded to the hoax email, SMS or phone call with your banking details
- Noticed any unusual payments.”
For a few dollars per staff member per month, add MailGuard's cloud-based email and web security to your business security. You’ll significantly reduce the risk of new variants of malicious email from entering your network.