ANZ has warned people to be careful after a fraudulent phishing scam targeted Australian customers via email inboxes.
The scam operates by accurately mirroring the official ANZ online banking website and their branding, tricking customers into divulging their security details such as their username, password, and answers to identity questions.
An ANZ spokesman told Newshub: "Hoax emails purporting to be from major companies are a regular occurrence, it’s important to be on the lookout for suspicious messages."
- ANZ trials new digital assistant
- 'Momentum has waned': Business confidence stalls again in ANZ survey
The email sender is shown as "ANZ" with the subject: "Successful BPAY Payment Advice", according to the NZ Herald.
The scam lures in unwitting individuals with a notification that a user-requested BPAY payment has been unsuccessful. The email includes a fake customer code, payment amount and payment date to provide a sense of legitimacy.
The email claims an attempt has been made to set up $2542.75 as a monthly payment. Recipients who click on the "view transaction history and provide detail" link are taken to a phony login page asking for their username, password, and security answers.
The scam exploits the common expectation that well-established banks will notify their clients regarding any dubious account activity.
The banking company advises its customers to take note that ANZ never sends emails requesting security credentials.
"Remember that ANZ will never send customers an email/SMS asking for account details, financial details, or your log in details for ANZ Phone Banking, ANZ Mobile Banking or ANZ Internet Banking," said the ANZ spokesman.
Garnering personal credentials means the cyber-criminals behind the scam can break into the bank accounts of unwitting recipients.
Although the scam is targeted at Australian ANZ customers, its online nature means it could potentially hit unaware New Zealanders.
The spokesman advised ANZ clients who may receive this message to:
- Do NOT click on any unexpected/unusual links or open attachments
- Forward the suspicious email or SMS to hoax@cybersecurity.anz.com
- Delete the message from your inbox
Contact ANZ immediately if you have:
- Shared your banking details in response to a hoax phone call, email or SMS
- Accidentally clicked on any links or downloaded any attachments
- Noticed any unusual transactions on your accounts
Newshub.