ANZ brand under attack again as scammers deploy phishing tactics
- 29 August, 2017 05:00
A new phishing scam wave impersonating the ANZ brand has once again hit Australian inboxes, targeting customers across the country.
The flurry of dodgy emails, which hit on 28 August, advises recipients that their “last payment was unsuccessful”, before prompting them to click on a link and update their contact phone numbers.
The link takes recipients to a page that closely resembles the ANZ internet banking login page and asks them to log in, with the intent of capturing customers’ registration numbers and passwords.
The scammers go even further, asking recipients who get past the login page to disclose the answers to “three security questions”.
Email filtering company MailGuard said the scam hit a large number of inboxes in a short space of time, and that it began blocking the emails at 8:16AM on 28 August.
The emails use “ANZ Internet Banking” as the display name and were sent from the address customer.data @anz. com (altered).
MailGuard has reminded potential victims that poor grammar is usually a giveaway in email scams such as this one. Additionally, this particular attack does not address the customer by name, and uses a random account number.
“One of the surest ways to detect a fake is to hover over the email sender name, or in this case also check the landing page URL, to see if it looks legitimate,” MailGuard wrote in a blog post.
“In this case, the landing page resides at https://djarlo.net/anz which is a clear indication that it’s not a genuine Internet Banking page hosted by the ANZ Bank.”
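The landing-page check MailGuard describes can be automated in a mail filter. The sketch below is an added example, not MailGuard's or ANZ's code; the `BRAND_DOMAINS` allowlist and the function names are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumption: domains the brand actually serves pages from (constructed allowlist).
BRAND_DOMAINS = {"anz": ("anz.com", "anz.com.au")}


def host_of(url):
    """Return the lowercase hostname of a URL, or '' if it has none."""
    return (urlsplit(url).hostname or "").rstrip(".").lower()


def is_brand_host(host, domains):
    """True only for an allowed domain or a real subdomain of one.

    Matching on a label boundary rejects 'evilanz.com' and
    'anz.com.evil.example', which a plain substring test would accept.
    """
    return any(host == d or host.endswith("." + d) for d in domains)


def check_link(display_name, url):
    """Return the reasons a link looks like brand impersonation (empty if none)."""
    host = host_of(url)
    path_segments = [s for s in urlsplit(url).path.lower().split("/") if s]
    reasons = []
    for brand, domains in BRAND_DOMAINS.items():
        if is_brand_host(host, domains):
            continue  # link really points at the brand's own site
        if brand in display_name.lower().split():
            reasons.append(f"display name claims '{brand}' but link host is '{host}'")
        if brand in path_segments:
            reasons.append(f"brand '{brand}' appears in the path of off-brand host '{host}'")
        if brand in host.split("."):
            reasons.append(f"brand '{brand}' used as a label inside off-brand host '{host}'")
    return reasons


if __name__ == "__main__":
    # Display name and landing page as reported in the article.
    for reason in check_link("ANZ Internet Banking", "https://djarlo.net/anz"):
        print(reason)
```
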
Just over a month ago, another scam using ANZ’s brand hit inboxes trying to get people to click on a “View statement” button. The button would launch the download of malware onto a victim’s system.
At the time, MailGuard was able to identify that the cybercriminals had used a domain registered in China only two days prior to the attack.
At 10:33AM on 28 August, MailGuard CEO Craig McDonald revealed via Twitter that the company was also blocking a wave of phishing emails using Dropbox’s brand.
The emails link to a phishing website that was noted to have been “harvesting email addresses and passwords”.
The Australian Securities and Investments Commission (ASIC), after having its brand used in several scams this year, issued a warning last week of a wave of scam emails sent to Registry customers pretending to be from ASIC.