itb-au logo
Story image

ANZ Bank warns businesses and customers of phishing scam

ANZ Bank is warning members to be wary of a new phishing scam, as the bank's trademarks have once again been exploited in an email scam. 

The malicious emails are infiltrating inboxes using a display name of ‘ANZ Internet Banking’ and are titled ‘ANZ INTERNET BANKING ACCOUNT ALERT’. The sending address displayed in the 'From' field uses the domain ''. MailGuard detected the emails actually come from a compromised email account, ANZ Banking Group says.

The message body contains a high-quality ANZ logo and advises the recipient they have a ‘pending verification waiting to validate’ and that they should log in to their account to view this message. A link is included to ‘View Your Message along with today’s date.

Unsuspecting recipients who click on the link are led directly to a legitimate-looking copy of the ANZ login page that asks for their confidential details. This is actually a phishing page.

Users who enter their details and click ‘Log on’ are led to a 'security page' once again spoofing ANZ’s branding & logo. This page asks users to 'verify' their security questions and answers.

Once all of the above fields have been completed and recipients click ‘Continue’, a message appears on screen thanking them for using ANZ Internet Banking.

Clicking ‘OK’ finally redirects the recipient to the actual ANZ website.

This sole purpose of this elaborate phishing scam is to harvest the login credentials of ANZ customers so the criminals behind this scam can break into their bank accounts, ANZ says.

"Cbercriminals have taken great pains to replicate official landing pages from ANZ – including incorporating the bank’s branding and logo using high-quality graphical elements. All this is done in an attempt to trick the users into thinking the scam is legitimate." It says.

"It is also interesting to note that the body of the scam email includes a note explaining that due to ‘privacy & security reasons’, it is unable to include personal details like the recipient’s account name and number," ANZ says.

"The lack of these details is widely considered to be a red flag associated with scam emails. Including a reason to explain why these details have been omitted is therefore an attempt by the cybercriminals to provide a justification for this red flag and boost the credibility of the email."

 ANZ says a focus on security is, ironically, a key feature of this scam email, considering the additional security reminder in the email footer that ANZ will ‘NEVER send an email which includes a link that redirects you to logon to internet banking’. 

"These security reminders are commonly expected of such a well-established bank. All this serves to elicit a more confident response from recipients who think they are validating their accounts by clicking on the provided link and entering their confidential login details," it explains. 

"However, despite these attempts, this email scam contains several other tell-tale signs that point to its illegitimacy. These include grammatical errors like 'banking account have a pending verification' as well as spacing errors," ANZ says.

Recipients who have received such a hoax/suspicious email claiming to be from ANZ are advised do the following:

  • Do NOT click on any unexpected/unusual links or open attachments.
  • Forward the suspicious email or SMS to
  • Delete the message from your inbox.

ANZ also offers these tips on preventing online fraud attempts:

  • Check the address bar of your browser to see if ANZ’s website address has changed from http:// to https://
  • Check to see if a security icon that looks like a lock or a key is visible near the address bar on any page that you need to enter your security credentials.

To minimise your chances of becoming a victim of a phishing scam, ANZ advises:

  • Don’t respond to emails requesting personal information or security credentials.
  • Change passwords on a regular basis.
  • Keep your antivirus and firewalls up to date and perform regular scans on your computer

"Whilst MailGuard is stopping this email scam from reaching Australian businesses, we encourage all users to be extra vigilant against this kind of email and whatever happens, do not open or click them," ANZ says.

Story image
Leader wins Acronis distribution agreement, brings cyber protection solutions to Aus
The agreement covers the entire Acronis Cyber Protect Cloud solution portfolio, which includes cybersecurity, backup, disaster recovery, secure file sync and share, as well as notary services.More
Story image
Investing in digital trust for the post-pandemic business landscape
Business leaders in 2021 need to make sustainable investments to give their organisations a much-needed resilience boost to tackle new disruptions, while still enabling growth.More
Story image
3 days at home, 2 days in the office? What's the ideal working scenario in the new COVID normal?
The days of physically reporting to an office every day of the workweek are not likely to resume once the COVID-19 pandemic is over. More
Story image
Juniper Networks releases lineup of AI-driven solutions
“These latest product enhancements underscore our sustained commitment to executing on this vision, as well as our unique ability to rapidly deliver new solutions that drive real value to both customers and partners.”More
Story image
Four reasons why application delivery is critical to DevOps
Selecting an application delivery solution that maximises automation and integrates into an existing DevOps environment is critical, writes Radware senior security solutions architect for APAC Yaniv Hoffman.More
Story image
Essential tools for managing user identity and how they impact your bottom line
Customer identity and access management (CIAM) is how companies give their end-users access to their digital properties, as well as how they govern, collect, analyse, and securely store data for those users.More