An Australian cybersecurity company, MailGuard has released a report saying that hackers are purporting to be the Melbourne-based ANZ Bank are harvesting Aussies' bank details through a deceptive email.
The cybercriminals behind the phishing scam trick the customers saying that their internet banking service has been suspended due to security issues. The threat actors also ask the users to confirm their identity as part of the bank's "security measures".
The scammers also trick the customers of ANZ Bank to click on the login link, which sends them to a fake ANZ page, and then they are asked to provide a customer registration number and password.
The Purpose
As per the MailGuard, the cybercriminals harvest the data gained from the scam for later use. The company also noted that it is actually "a phishing page hosted on GoDaddy." In a report, it said that the one and only purpose of this elaborate phishing scam is to harvest the login credentials of the bank customers so that the cybercriminals can gain access to their bank accounts.
"By typing in your account number and password, you're handing this sensitive account information to cybercriminals," it said in a blog post. If these hackers gain access to the customers' information, they can commit identity theft and access the bank accounts and steal the money.
As per the MailGuard, the phishing email is short and straight forward. It advises the bank customers that "You Have One Important Security Message In Your Internet Banking Account." But there are signs that the email is not genuine and these are:
- The email is not addressed to the recipient; 'Dear ANZ Customer' is not an identifier
- The email does not contain any of the recipient's personal information
- Grammar errors like 'Log On' and the misspelling and additional circumflex accent mark in 'AccountÂ'
- Awkward formatting
However, ANZ, which has millions of customers in Australia, has advised its customers not to respond to such emails that ask for their personal information or security credentials. It also urged the ANZ customers to change the passwords on a regular basis and keep their antivirus as well as firewalls up to date.
It Is Getting Better and Better
As per an FBI report, phishing scams were the most common type of internet crime noticed in 2019. More than $57.8 million was lost last year as a result of such cybersecurity incidents and over 114,000 victims were targeted by the cybercriminals—operators of phishing scams— only in the US.
A principal director in Microsoft's Security Research team, Tanmay Ganacharya said that as cybercriminals are gaining more profit from phishing scams, they are becoming more sophisticated in terms of their methods to steal passwords. Most of the cybercriminals have now moved to phishing scams because it is "easy" said Ganacharya.
Hackers sometimes create fake social media accounts or personal blogs to target their victims. They also make fake sites that mimic the login screens of some reliable services. Some of the cybercriminals are also now selling their services to specific people, organizations, or nation-state entities who want to steal the information from a targeted individual.
