Cybercriminals purporting to be ANZ Bank are harvesting Australians’ bank details through a deceptive email, cybersecurity firm MailGuard has revealed.
The phishing scam tells customers that their internet banking service has been suspended for security reasons, and asks users to confirm their identity as part of the bank’s “security measures”.
It prompts customers to click on a login link, which sends them to a fake ANZ page that asks for the customer’s registration number and password.
The cybercriminals harvest this data for later use.
“This is actually a phishing page hosted on GoDaddy,” MailGuard warned in a blog post on Thursday.
“The sole purpose of this elaborate phishing scam is to harvest the login credentials of ANZ customers so the criminals behind this scam can break into their bank accounts.
“By typing in your account number and password, you’re handing this sensitive account information to cybercriminals.”
If they have your information, cybercriminals can commit identity theft and access your accounts, ultimately stealing your money.
The email is a pretty close spoof: it uses a “safety measure” to feign a sense of legitimacy and ultimately trick users into revealing their bank details. The subject of the email, “internet banking service has been suspended”, is also likely to evoke panic, MailGuard said, motivating users to give their details and rectify the situation.
But if you look closely, there are some signs that the email isn’t genuine.
The email doesn’t address the recipient directly, and it doesn’t use any of ANZ’s traditional branding in the body.
I got this email. What do I do?
“Don’t respond to emails requesting personal information or security credentials,” ANZ advised.
The bank also states you should change your passwords on a regular basis, and keep your antivirus and firewalls up to date.