ANZ Invalid Login Attempts Phishing Scam
Email claims that the recipient's ANZ Customer Registration Number and password have been revoked due to "severe numbers" of login attempts (Full commentary below
Email is not from ANZ. It is a scam designed to steal bank account information.
(Received, November 2009)
From: ANZ Internet Banking
Subject: You have (1) Notification
Dear Valued Customer
We noticed severe numbers of invalid login attempt on your account,
due to this reason your Customer Registration Number and Password: has been revoked.
We have also increased more security on our website so as to put an end to fraudulent activities.
In other to use our services, you are advise to re-access your account.
To re-access your account,
Customer Registration Number//update [Link to fake website removed]
It's all about your Security.
ANZ Internet Banking.
This email, which purports to be from major Australian Bank, ANZ, claims that access to the recipient's online bank account has been revoked due to a large number of invalid login attempts. The recipient is advised to click a link in the message in order to login and restore account access.
However, the message is not from ANZ nor has the recipient's account access been revoked. In fact, the message is sent by Internet criminals and is designed to steal private bank account information from unsuspecting ANZ customers. Those who following the link in the scam email will be taken to a bogus web page created to closely resemble the genuine ANZ website. Once on the fake website, the customer will be asked to login with his or her Customer Registration Number and password. However, once entered, this login information can be subsequently collected by scammers. Armed with this login information, the scammers can then login to the customer's real ANZ account and steal money and account details at will.
ANZ has published information
warning customers about such phishing scams on its website. Banks and other financial institutions are very unlikely to request customers to update information by following a link in an unsolicited email.
Phishing criminals generally send out identical scam messages to many thousands of email addresses in the hope that at least some of them will reach customers of the targeted institution, in this case ANZ. Even if only one or two of the thousands who receive the scam emails actually submit their banking information, the phishing attack will have well and truly paid off for the criminals who operate such schemes.
Although they may target many different financial institutions around the world, scammers continually reuse the same tricks. As in the above example, many phishing scams try to trick recipients into clicking a link by claiming that their accounts will be suspended
until the requested account information is supplied. Many others claim that the user must update information urgently due to a recent security upgrade or hacking attempt.
Be very cautious of any unsolicited email that asks you to supply login or other personal information via a link or via an attached form. If in doubt, always check with your bank directly before submitting any information. It is good policy to always access your Internet Banking website by directly typing the address into your browser.
ANZ Security Alerts
Phishing Scams - Anti-Phishing Information
Last updated: 20th November 2009
First published: 20th November 2009
Write-up by Brett M. Christensen
ANZ Account Suspension Phishing Scam
St.George Bank Phishing Scam Emails