ANZ customers targeted with phishing emails
As mentioned last week, the start of the Christmas season has also meant the start of several phishing campaigns. Last week American Express customers were the focus. This week ANZ customers are being targeted.
The phishing email, which has been blocked by MailShark filters, is shown in Figure A. The subject line of the email is “ANZ eStatement for October 2014” or very similar. This phish is particularly realistic; mousing over most of the links shows legitimate links back to the genuine ANZ website. There are, however, some giveaways that we discuss below.
As shown in Figure A, the email informs the recipient that their statement is attached, but is encrypted for security. Decrypting the statement supposedly requires the user to download and install “decoder” software; double clicking and opening the attachment installs the “decoder”.
As part of the process, the user is asked to enter their “Card number, Atm pin and password” in order to view their statement. In reality, the “internet banking login page” supplied with the email is a link to a phishing site.
There are several indications that this email is not genuine. The first hint is the second bolded line, where the attackers have made capitalisation errors at the start of the sentence, midway through, and at the end. These errors are circled in red on Figure A.
Under the “Opening your encrypted statement” heading the attackers state that opening the statement is a “2 step process”, but then go on to list three steps. Again we have circled the errors in red on Figure A.
Step 3 tells the user to enter their card number, PIN and password. Financial institutions in Australia (and most countries, as far as we know) will never send emails requesting this type of personal information. This is another giveaway.
The email contains a link that leads to a login screen (as shown in Figure B), supposedly to enable the user to access their internet banking. In reality, this is a phishing site, set up to harvest user details such as internet banking login IDs and passwords.
If you receive this email, don’t download the attachment and don’t follow the link to the login page. The ANZ anti-phishing site is specific in relation to emails requesting personal information:
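The giveaways listed above (a request for card number, PIN and password, an instruction to install software shipped with the mail, an executable attachment, a login link whose host is not the bank's, and a “2 step process” that lists three steps) can be turned into a simple mail-filter heuristic. The following is an added example written for this page, not MailShark's filter or any ANZ code; the two messages it parses are constructed to resemble the phish and a benign notice, the `ANZ_DOMAINS` allowlist and every hostname in them are hypothetical.

```python
import email
import re
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlparse

# Hypothetical allowlist of hosts a genuine ANZ link should point at.
ANZ_DOMAINS = ("anz.com", "anz.com.au")
EXEC_EXT = (".exe", ".scr", ".bat", ".js", ".vbs", ".jar", ".msi")
NUM_WORDS = {"one": 1, "two": 2, "three": 3, "four": 4, "five": 5}

# Constructed sample modelled on the indicators in the post; not the real mail.
PHISH_EML = """\
From: ANZ eStatements <estatements@example.com>
To: customer@example.net
Subject: ANZ eStatement for October 2014
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Your statement is attached and has been encrypted for security.</p>
<p><b>Opening your encrypted statement</b> is a 2 step process:</p>
<ol>
<li>Download and install the decoder software attached.</li>
<li>Open the statement with the decoder.</li>
<li>Enter your Card number, Atm pin and password to view it.</li>
</ol>
<p><a href="http://login.example.org/anz">Log on to ANZ Internet Banking</a></p>
</body></html>
--b1
Content-Type: application/octet-stream; name="decoder.exe"
Content-Disposition: attachment; filename="decoder.exe"
Content-Transfer-Encoding: base64

TVqQAAMAAAAEAAAA
--b1--
"""

# Constructed benign notice for comparison.
BENIGN_EML = """\
From: ANZ eStatements <estatements@example.com>
To: customer@example.net
Subject: Your October 2014 eStatement is ready
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body><p>Your statement is ready to view in
<a href="https://www.anz.com/">ANZ Internet Banking</a>.</p></body></html>
"""


class _Extractor(HTMLParser):
    """Collects visible text, (href, text) anchors and the number of <li> items."""

    def __init__(self):
        super().__init__()
        self.text, self.anchors, self.li_count, self._href = [], [], 0, None

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._atext = dict(attrs).get("href", ""), []
        elif tag == "li":
            self.li_count += 1

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.anchors.append((self._href, " ".join(self._atext).strip()))
            self._href = None

    def handle_data(self, data):
        self.text.append(data)
        if self._href is not None:
            self._atext.append(data)


def _host_in(host, domains):
    host = host.lower()
    return any(host == d or host.endswith("." + d) for d in domains)


def analyse(raw):
    """Return the phishing indicators found in a raw RFC 822 message plus a score."""
    msg = email.message_from_string(raw, policy=policy.default)
    part = msg.get_body(preferencelist=("html", "plain"))
    ex = _Extractor()
    ex.feed(part.get_content() if part else "")
    text = " ".join(ex.text).lower()

    # 1. Asks for secrets a bank never requests by email.
    secrets = [k for k in ("card number", "pin", "password") if re.search(r"\b" + k + r"\b", text)]
    # 2. Tells the reader to install software supplied with the mail.
    install_prompt = bool(re.search(r"\binstall\b.*\b(decoder|software)\b", text, re.S))
    # 3. Carries an attachment with an executable extension.
    exe_attachments = [p.get_filename() for p in msg.iter_attachments()
                       if p.get_filename() and p.get_filename().lower().endswith(EXEC_EXT)]
    # 4. A link whose text invokes the bank but whose host is not the bank's.
    bad_links = [(h, t) for h, t in ex.anchors
                 if "anz" in t.lower() and not _host_in(urlparse(h).hostname or "", ANZ_DOMAINS)]
    # 5. Claims an "N step process" but lists a different number of steps.
    m = re.search(r"\b(\d+|one|two|three|four|five)[ -]step process\b", text)
    claimed = (int(m.group(1)) if m.group(1).isdigit() else NUM_WORDS[m.group(1)]) if m else None
    step_mismatch = claimed is not None and ex.li_count > 0 and claimed != ex.li_count

    findings = {"requests_secrets": secrets, "install_prompt": install_prompt,
                "executable_attachments": exe_attachments, "non_anz_login_links": bad_links,
                "step_count_mismatch": step_mismatch}
    findings["score"] = sum(1 for v in findings.values() if v)
    return findings
```

The constructed phish trips all five indicators and the benign notice none. A keyword check this crude will also flag the bank's own “we will never ask for your password” warning, so in practice the secrets indicator should only count when combined with an attachment, an install prompt or a non-bank login link, as it is here.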
Treat all emails requesting personal log on information such as username, password or PIN with extreme caution. ANZ will never contact you by email requesting personal information.
MailShark have reported this phish to the ANZ bank.