ANZ ‘Service Has Been Limited’ Phishing Scam

Email purporting to be from the ANZ bank claims that your Internet banking service has been limited because you have exceeded the maximum number of login attempts. It asks you to click a link to restore online access.

Brief Analysis:
The email is not from ANZ. It is a phishing scam designed to steal you account login details and your credit card numbers.

ANZ Service Limited Phishing Scam

Detailed Analysis:
According to this email, which purports to be from the Australian and New Zealand Banking Group (ANZ), your Internet banking service has been limited. Supposedly the temporary limitation has been imposed because you exceeded the maximum number of login attempts.  It asks you to click a link to restore access to the limited account. The email features the ANZ logo and colour scheme along with a footer containing seemingly legitimate copyright information and contact details.

However, the email is not from ANZ and the claim that your service has been limited is untrue. In fact, the email is a phishing scam designed to steal your ANZ account login details and your credit card numbers.

If you click the link, you will be taken to a website that has been built to closely emulate a genuine ANZ login page. If you then enter your ANZ  customer reference number and password and click the ‘Login’ button, you will be taken to a second fake page that asks you to provide your date of birth as well as your credit card number, card expiry date, and CVV, ostensibly as a means of verifying your identity.

Once you have provided this information, a notice will appear that informs you that you have successfully verified your identity and access to your bankings service has therefore been restored. Finally, you will be automatically redirected to the real ANZ home page.

However, the scammers can now collect the information you supplied and use it to hijack your bank account, steal your funds, and commit credit card fraud.

Phishing scams like this one are very common. Be wary of any email or text message that claims to be from your bank and demands that you click a link or open an attached file to rectify a supposed account problem or resolve a security issue. It is always safest to login to all of your online accounts by entering the address into your browser’s address bar or via an official app.

ANZ has published information about phishing scams and other types of fraud on its website.

Last updated: July 16, 2016
First published: July 16, 2016
By Brett M. Christensen
About Hoax-Slayer

ANZ – Computer Threats
Phishing Scams – Anti-Phishing Information