Debunking email hoaxes and exposing Internet scams since 2003!

Hoax-Slayer Logo Hoax-Slayer Logo

Home    About    New Articles    RSS Feed    Subscriptions    Contact

Site Navigation


Bank Withdrawal Notification Scam - Fraudulent Emails Point to Trojan

Email informs customers of the ANZ, National, Commonwealth or Westpac banks that a large sum has been withdrawn from their accounts.


Example:(Received via email, 2004)
Subject: Notification on transfer from your ANZ bank account

We are informing you that today, the amount of $719.00 AUD has been drawn out of your account.

Technical assistance of ANZ Bank


Customers of major Australian banks have reported receiving emails that claim a substantial amount of money has been withdrawn from their accounts. In order to make the message seem legitimate, the emails arrive in HTML format and generally include a logo stolen from the targeted bank's website. A link included in the email supposedly leads recipients to the bank website to seek "technical assistance". The intention here is to panic gullible recipients into clicking on the link provided in order to gain details regarding the apparent withdrawal. ANZ, National, Commonwealth and Westpac have all been targeted.

At face value, this sounds like a typical phisher scam. However, those who click on the link in the bogus email may inadvertently download a trojan that will automatically be executed on their computer. This trojan is configured to log keystrokes that are entered into specific websites and email the information to the scammers. When a window that contains certain specified title phrases is opened, the key logger begins recording any information that is entered. This information could be passwords, account numbers, and other personal information. The specified title phrases are associated with a number of major financial institutions both in Australia and elsewhere in the world. Thus, even recipients of the scam emails who are not customers of the targeted bank can have sensitive information stolen if the trojan infected their system.

The scammers have manipulated the link in the bogus email so that it resembles a normal text link. However, those who click on the link are first taken to a webpage where the Trojan is downloaded before being redirected to the real bank website. This happens quite quickly and users may not even be aware that a download and redirection has taken place.

The example above is directed at ANZ customers, but virtually identical emails target National, Commonwealth and Westpac banks. The amount specified varies.

Write-up by Brett M.Christensen