Story image

ANZ Bank warns businesses and customers of phishing scam

ANZ Bank is warning members to be wary of a new phishing scam, as the bank's trademarks have once again been exploited in an email scam. 

The malicious emails are infiltrating inboxes using a display name of ‘ANZ Internet Banking’ and are titled ‘ANZ INTERNET BANKING ACCOUNT ALERT’. The sending address displayed in the 'From' field uses the domain ''. MailGuard detected the emails actually come from a compromised email account, ANZ Banking Group says.

The message body contains a high-quality ANZ logo and advises the recipient they have a ‘pending verification waiting to validate’ and that they should log in to their account to view this message. A link is included to ‘View Your Message along with today’s date.

Unsuspecting recipients who click on the link are led directly to a legitimate-looking copy of the ANZ login page that asks for their confidential details. This is actually a phishing page.

Users who enter their details and click ‘Log on’ are led to a 'security page' once again spoofing ANZ’s branding & logo. This page asks users to 'verify' their security questions and answers.

Once all of the above fields have been completed and recipients click ‘Continue’, a message appears on screen thanking them for using ANZ Internet Banking.

Clicking ‘OK’ finally redirects the recipient to the actual ANZ website.

This sole purpose of this elaborate phishing scam is to harvest the login credentials of ANZ customers so the criminals behind this scam can break into their bank accounts, ANZ says.

"Cbercriminals have taken great pains to replicate official landing pages from ANZ – including incorporating the bank’s branding and logo using high-quality graphical elements. All this is done in an attempt to trick the users into thinking the scam is legitimate." It says.

"It is also interesting to note that the body of the scam email includes a note explaining that due to ‘privacy & security reasons’, it is unable to include personal details like the recipient’s account name and number," ANZ says.

"The lack of these details is widely considered to be a red flag associated with scam emails. Including a reason to explain why these details have been omitted is therefore an attempt by the cybercriminals to provide a justification for this red flag and boost the credibility of the email."

 ANZ says a focus on security is, ironically, a key feature of this scam email, considering the additional security reminder in the email footer that ANZ will ‘NEVER send an email which includes a link that redirects you to logon to internet banking’. 

"These security reminders are commonly expected of such a well-established bank. All this serves to elicit a more confident response from recipients who think they are validating their accounts by clicking on the provided link and entering their confidential login details," it explains. 

"However, despite these attempts, this email scam contains several other tell-tale signs that point to its illegitimacy. These include grammatical errors like 'banking account have a pending verification' as well as spacing errors," ANZ says.

Recipients who have received such a hoax/suspicious email claiming to be from ANZ are advised do the following:

  • Do NOT click on any unexpected/unusual links or open attachments.
  • Forward the suspicious email or SMS to
  • Delete the message from your inbox.

ANZ also offers these tips on preventing online fraud attempts:

  • Check the address bar of your browser to see if ANZ’s website address has changed from http:// to https://
  • Check to see if a security icon that looks like a lock or a key is visible near the address bar on any page that you need to enter your security credentials.

To minimise your chances of becoming a victim of a phishing scam, ANZ advises:

  • Don’t respond to emails requesting personal information or security credentials.
  • Change passwords on a regular basis.
  • Keep your antivirus and firewalls up to date and perform regular scans on your computer

"Whilst MailGuard is stopping this email scam from reaching Australian businesses, we encourage all users to be extra vigilant against this kind of email and whatever happens, do not open or click them," ANZ says.

Story image
27 Nov
Interview: Microsoft's Diana Kelley talks talent gaps and D&I
Kelley recently spoke at Microsoft Asia’s new Experience Center, where she talked through her experience as a security CTO, as well as IoT security, what’s ahead in 2020, and diversity and inclusion both in the cybersecurity sector, and in technology.More
Story image
19 Nov
Automation Anywhere advances IQ Bot to extend Intelligent Document Processing
“IQ Bot’s latest release further simplifies the automation journey by empowering business users to easily harness AI and machine learning to rapidly automate document-centric processes by themselves."More
Story image
18 Nov
Spark puts heartland NZ at forefront of 5G rollout
Spark will deliver 5G wireless broadband into five more South Island locations before Christmas, followed by other heartland communities from March 2020.More
Story image
04 Dec
Spare space in the car? Kiwis can now make a little money by shipping stuff
Lonelyseat is a new service that connects drivers with people who need parcels or objects shipped around the country.More
Story image
19 Nov
Kiwis adopting great savings habits but overestimating returns
As people get older, they are more likely to consider putting any savings into term deposits, rising from 28% of those under 30, to 57% of 50-64-year-olds, and 65% of those 65-plus.More
Story image
28 Nov
It’s all about partnership: Secrets of success in supporting and improving legacy applications
With the rise of SaaS, the funding to continue to maintain an in-house IT team has been reducing, leaving IT management with the constant pressure to provide more with less.More