ANZ customers fooled into providing banking details in new phishing scam

• The phishing emails impersonate the official ANZ online banking website in order to trick customers into handing over their vital banking details.
• The email is sent with the subject titled: “Successful BPAY Payment Advice”.

Australia and New Zealand Banking Group (ANZ) is warning its customers about a new phishing scam that is aimed at stealing users’ banking details.

What is the scam?

The phishing emails impersonate the official ANZ online banking website in order to trick customers into handing over their vital banking details. This includes their usernames, passwords, and answers to secret questions.

How does it work?

According to MailGuard, the email is sent with the subject titled: “Successful BPAY Payment Advice”. It informs the customers about a successful transaction by including payment related details such as customer code, payment amount and payment date.

The recipients are then asked to verify or update their accounts and transactions by visiting the link provided in the email. When users click on the link, they are redirected to the spoofed website of the ANZ.

Upon entering the login details, users are redirected to a page that simulates a blocked account with 3 challenging questions to be answered.

Once the users have answered all the 3 questions, they are informed that their answers are incorrect.

What is the purpose?

The sole purpose of this elaborated phishing scam is to harvest the login credentials of ANZ customers.

“By typing in your account number and password, you’re handing over this sensitive account information to cybercriminals. If you also tell the scammers details of your security questions and answers, it allows them to attempt other fraudulent actions, such as calling them back and trying to access your accounts,” MailGuard stated in its report.

How to stay safe?

Following are some basic tips in order to stay safe from such scams:

• Never click on the link that comes attached within an email to visit a website;
• Always type the URL in the address bar to visit the official website;
• Never share your personal or banking details over email.