ANZ customers are being advised to take extra caution after the discovery of a very convincing scam.
The fake ANZ Bank e-mail advises recipients that their ‘last payment was unsuccessful’ and prompts them to login, where cyber criminals can steal their credentials, reports news.com.au.
Cyber security company MailGuard believe the scam email has already been sent to a very large number of inboxes.
“The email, from a display name of ANZ internet Banking and sender email address of firstname.lastname@example.org, claims that ANZ have been unable to contact you, and asks customers to click to update their phone number,” MailGuard warned in a blog post.
“When recipients click through they arrive on a well-crafted ANZ internet Banking landing page where they are prompted to login, so doing handing over their Customer Registration Number (CRN) and Password.”
MailGuard warned the phishing scam was more sophisticated than just targeting login credentials.
“For those that continue past the internet Banking login page, the scammers try for even more sensitive data by asking recipients to divulge the answers to three ‘security questions’,” MailGuard wrote.
The company said there were a couple of ways for customers to tell this email was a scam.
“In this case, the landing page resides at https://djarlo.net/anz which is a clear indication that it’s not a genuine internet Banking page hosted by the ANZ Bank,” MailGuard explained.
”There are also some clear grammatical errors that hint that this may not be legitimate, and are early warning signs or red flags, that the email may be a scam.”