ANZ phishing email uses incorrect date
Another variation on the old theme of accounts being broken into came up this week. In this one, an email supposedly from the ANZ warns the recipient that activity on their account was observed recently. It’s a pity the suspicious login email uses an incorrect date. The email is not, of course, from the ANZ bank. It is a phishing email.
Figure A shows the email. The subject of the email is “Suspicious Login”, whilst the sender is listed as “ANZ”. The email begins with “Dear ANZ Customer”, and uses authentic looking ANZ logos.
The email states that an “unrecognized device” attempted to login to the customer’s account on Thursday January 24, 2014, at 1:13 AM PDT. Note that all the emails stopped so far all refer to this particular date and time.
If the activity was expected, the email says, the recipient can ignore the email. If it was unexpected, then the recipient is advised to download and fill out a form. Given the time of day (i.e. early morning) it would almost certainly be viewed as suspicious by many recipients.
Attached to the email is a HTML document that, the email says, can be downloaded and filled in if the customer suspected illicit activity is being attempted on their account. The form is fairly detailed; the customer needs to supply a large number of personal details as well as bank account numbers. If the recipient does not fill out the form, warns the email, their account may be locked.
However, this email is a fake. The salutation (as mentioned” begins with “Dear ANZ Customer”, whereas all emails from Australian banks have personalised salutations. The wording and general grammar of the email is average at best, and poor at worst.
But the most interesting mistake on this email is the date used, or more specifically, the mix of day of the week and date. The email states that the activity occurred on Thursday January 24, 2014. Now leaving aside the fact that the date is almost a year ago, there is also the small issue that the 24th January 2014 was actually a Friday in 2014. This year January 24 fell on a Saturday. Perhaps the scammers just forgot to check their calendars.