ANZ 'Upgrade to New System' Phishing ScamOutline
Email pretending to be from large Australian and New Zealand bank ANZ claims that customers must click a link to upgrade to a new system technology designed to give users maximum protection.
The email is a phishing scam that tries to trick users into divulging their personal information to criminals. The "Log on" button opens a bogus website designed to steal the user's ANZ account login details.
Subject: ANZ Secure Alert
Enter your Internet Banking logon details to upgrade to our new system technology for your maximum protection.
According to this email, which purports to be from the ANZ bank, customers are required to upgrade to a new system by logging into their accounts. The message claims that the new system will offer maximum protection and invites users to click a "Log on" button. The email is formatted with ANZ's logo and colour scheme to make it appear more genuine.
However, the message is not from ANZ and the claim that users must login due to a system upgrade is untrue. The email is a simple phishing scam designed to grab account login credentials from unsuspecting ANZ customers.
People who click the link in the fake email will be taken to an equally fake webpage that contains a login box. Like the email, the fake page mirrors a genuine ANZ page.
If users enter their customer number and password on the fake page and click the "Log on" button, they will be automatically redirected to the genuine ANZ site. They may believe that they have successfully "upgraded" to the new system and may remain unaware that they have been scammed until the next time they try to login.
Meanwhile, the criminals can hijack the compromised accounts, transfer funds therein and conduct fraudulent transactions.
Phishing expeditions such as this are very common and almost continually target customers of major financial institutions all around the world. Despite widespread publicity about this type of scam, phishing still works.
Be wary of any unsolicited email that claims that you must login to your account to perform an upgrade, update account details, fix an account error or deal with a supposed security breach. To be safe, always login to your online accounts by entering the web address into your browser's address bar or via the account's official software or app. Do not click links in emails that ask you to login. Do not open attachments that supposedly contain forms that you are required to fill out. And, please ensure that your family members, friends and colleagues are aware of phishing scams and how they operate.
Last updated: February 3, 2014
First published: February 3, 2014
By Brett M. Christensen
Internet Fraud & Security Threats
Phishing Scams - Anti-Phishing Information