Customers who bank with ANZ are being warned of an elaborate new email scam which could see criminals gain access to their online banking accounts.
The phishing scam has been designed to look exactly like an official ANZ communication, in a bid to trick unaware victims into willingly handing over their usernames and passwords, as well as the answers to their secret security questions, reports Nine News.
According to the news outlet, those targeted are sent an email with the display name of ‘ANZ’, while the subject reads ‘Successful BPAY Payment Advice’. The message claims that a user-requested BPAY payment has been successful, advising customers that $2,542.74 has been debited from their account.
The scam email, which was first discovered by email security firm MailGuard, also includes a link to view transaction history. If clicked, the link directs unsuspecting users to a fraudulent web page that mirrors the official ANZ website, where customers are asked to sign in using their username and password.
Once they have signed in, victims are redirected to another landing page featuring ANZ logos and text, which suggests their account has been blocked and prompts them to provide the answers to three pre-set secret questions. These answers are then rejected as ‘incorrect’.
MailGuard published a statement online on Friday warning Australian users about the phishing scam, adding that its purpose is to “harvest the login credentials of ANZ customers so the criminals behind this scam can break into their bank accounts”.
“By typing in your account number and password, you’re handing this sensitive account information to cybercriminals,” the statement read. “If you also tell the scammers details of your security questions and answers, it allows them to attempt other fraudulent actions, such as calling them back and trying to access your account.”
Calling all @ANZ_AU users! Be wary of a #phishing #email #scam spoofing the bank. Informing users of a 'successful BPAY payment', the email links to authentic looking ANZ login pages asking users for their #security challenge answers. More details here: https://t.co/mn37TUtzZh pic.twitter.com/pN9R8qcZtP
— MailGuard (@MailGuard) May 24, 2019
ANZ advises customers not to respond to emails which request personal information or security details. The bank also suggests changing passwords on a regular basis and keeping firewalls up to date. If you have received this email, report it to ANZ’s Internet Banking team on 13 33 50.