Email purporting to be from the ANZ bank claims that your account has been limited and you should therefore open an attached file and follow the instructions.
The email is not from ANZ. The attachment contains an HTML file that will open a fraudulent ANZ login page in your browser. Criminals can collect the information you submit on the fake page and use it to hijack your ANZ account.
Subject: New Email.
DEAR CARDHOLDER,You have received this file because your account has been limited, download ”AN47281Z.HTM” attached to this email and follow the instructions.
This email, which purports to be from ANZ, claims that your account has been limited. It advises you to open an attached file and follow the instructions to rectify the supposed problem.
However, the email is not from ANZ and the claim that your account has been limited is just a trick to get you to open the attached file without due caution.
If you do click the attachment, a fraudulent webpage will load in your default web browser. The bogus webpage features the ANZ logo and formatting and includes secondary links designed to make it look genuine. The page contains a login box that asks you to supply your customer registration number and account password.
If you enter your login details, you will be taken to a second fake page that claims that you must supply ID information and the answers to your account security questions in order to unlock the account. After submitting this information, a final ‘Process Complete’ page will appear that thanks you for promptly dealing with the matter (see screenshot below). You will then be automatically redirected to the genuine ANZ home page. You may not realise until it is too late that you have just submitted your account information on a phishing website.
Meanwhile, the criminals who sent out the scam email can collect the information you submitted and use it to access your ANZ account. Once in the account, they can use it to conduct fraudulent transactions using your money.
Phishing scams like this one are very common and regularly target customers of many banks and other financial institutions all around the world. Be wary of any unsolicited email that claims that there is a problem with your account and asks you to click a link or open an attached file to fixed the supposed problem.
ANZ has published information about such phishing attacks on its website.
Last updated: March 23, 2016
First published: March 23, 2016
By Brett M. Christensen
ANZ ‘Our Website Is Going To Change In The Nearest Future’ Phishing Scam
ANZ Bank ‘You Have a New Statement’ Phishing Scam
Phishing Scams – Anti-Phishing Information
ANZ – Threats to Your Computer