Security Market Segment LS
Monday, 16 December 2019 12:29

ANZ Bank, Telstra under attack from scammers Featured

By

ANZ Banking Group customers are the target of the most recent email phishing scam being blocked by security vendor MailGuard team.

And in another attack reported by MailGuard, customers of Telstra have been scammed with the telco impersonated as the subject of a “simple email scam” aiming to deliver a malicious Jar file download.

The ANZ Bank scam involves an email which features the New Zealand Black Caps, telling recipients that ‘Online Banking is Now Blocked.’ - and advising customers that they have been locked out of Internet banking for security purposes because suspicious activity was detected on the account.

Customers are asked to verify their identity in order to unlock their account. The email was intercepted on the 13th of December.

By clicking ‘Enter here’ customers are directed to a replica ANZ Internet Banking login page, however once a user submits their registration number and password, they will receive a message saying “Oops! Something went wrong. Please try again.”

“The original email is very long. Scrolling further down reveals an array of links to ANZ marketing campaigns, such as this ‘Bat for your Cap’ game promotion relating to the New Zealand Black Caps cricket team, and other content most notable of which is ‘Your Internet Security.’, warns MailGuard.

MailGuard says the phishing site is hosted on a recently registered domain, which appears as an obvious attempt at brandjacking: web anz(dot)com. The email display name is also ANZ.

“There are several red flags that are warning signs to users that the email is in fact a scam. The most obvious being the From: address. A suspicious looking domain is used. Upon closer inspection, the subject reveals that special characters have been used, most noticeable are the 'K' characters, which are in fact special characters and not an actual K,” says MailGuard.

“The message body also starts with special characters and clear spelling errors in 'Dear valued custumer {first name}. Where {first name} is the recipients email address alias - the first portion of your email address (before the @ symbol).

“At the time of writing, MailGuard was the only vendor to identify and block this scam, and it is continuing to intercept attempts by the criminals at reaching a wide number of user email accounts.

“Checking the sender details of suspicious emails is one way of verifying whether they are legitimatecommunications or phishing attacks. In this instance, the email does not originate from an ANZ email domain.

“Cyber-criminals frequently exploit the branding of large companies like ANZ in their scams, because their good reputation lulls victims into a false sense of security. Because of the large number of customers, ANZ is a regular victim of these scams.”

In the Telstra scam, MailGuard says that the telco has been impersonated as the subject of a simple email scam, this time aiming to deliver a malicious Jar file download.

Masquerading as an invoice in a ZIP attachment, the email simply reads ‘Your new Telstra bill for account is attached.’

MailGuard notes that, with “authentic Telstra branding”, the email is addressed to ‘Dear Valued Customer’ with ‘Telstra’ as the display name, and a sender and envelope address of ‘billing(dot)sg(at)scforce(dot)com.’ It was intercepted on the 12 th of December 2019.

“Although the email is relatively simple in its execution, and likewise that the format is not consistent with a typical Telstra bill, there is nonetheless a likelihood that a number of customers will fall prey to the scam simply because of their familiarity with the Telstra brand and because of the importance of ensuring that your phone and internet services are paid and operational throughout the holiday break,” warns MailGuard.

“Checking the sender details of suspicious emails is one way of verifying whether they are legitimate communications or email scams. In this instance, the email does not originate from an authentic Telstra email domain,” notes MailGuard.

“Cyber-criminals frequently exploit the branding of large companies like Telstra in their scams, because their good reputation lulls victims into a false sense of security.

“Because of the large number of customers, Telstra is a regular victim of these scams.”

Here’s what MailGuard says consumers should look out for regarding scams including, as a precaution, avoiding clicking links in emails that:

  • Are not addressed to you by name, have poor English or omit personal details that a legitimate sender would include (e.g. – tracking ID).
  • Are from businesses you’re not expecting to hear from.
  • Ask you to click on any suspicious links.
  • Take you to a landing page or website that does not have the legitimate URL of the company the email is purporting to be sent from.

DIGITAL MARKETING HAS NO SOCIAL DISTANCING OR TRAVEL RESTRICTIONS

As part of our Lead Machine Methodology we will help you get more leads, more customers and more business. Let us help you develop your digital marketing campaign

Digital Marketing is ideal in these tough times and it can replace face to face marketing with person to person marketing via the phone conference calls and webinars

Significant opportunity pipelines can be developed and continually topped up with the help of Digital Marketing so that deals can be made and deals can be closed

- Newsletter adverts in dynamic GIF slideshow formats

- News site adverts from small to large sizes also as dynamic GIF slideshow formats

- Guest Editorial - get your message out there and put your CEO in the spotlight

- Promotional News and Content - displayed on the homepage and all pages

- Leverage our proven event promotion methodology - The Lead Machine gets you leads

Contact Andrew our digital campaign designer on 0412 390 000 or via email andrew.matler@itwire.com

CONTACT US!

LAYER 1 ENCRIPTION A KEY TO CYBER-SECURITY SOLUTION

Security requirements such as confidentiality, integrity and authentication have become mandatory in most industries.

Data encryption methods previously used only by military and intelligence services have become common practice in all data transfer networks across all platforms, in all industries where information is sensitive and vital (financial and government institutions, critical infrastructure, data centres, and service providers).

Get the full details on Layer-1 encryption solutions straight from PacketLight’s optical networks experts.

This white paper titled, “When 1% of the Light Equals 100% of the Information” is a must read for anyone within the fiber optics, cybersecurity or related industry sectors.

To access click Download here.

DOWNLOAD!

Peter Dinham

Peter Dinham is a co-founder of iTWire and a 35-year veteran journalist and corporate communications consultant. He has worked as a journalist in all forms of media – newspapers/magazines, radio, television, press agency and now, online – including with the Canberra Times, The Examiner (Tasmania), the ABC and AAP-Reuters. As a freelance journalist he also had articles published in Australian and overseas magazines. He worked in the corporate communications/public relations sector, in-house with an airline, and as a senior executive in Australia of the world’s largest communications consultancy, Burson-Marsteller. He also ran his own communications consultancy and was a co-founder in Australia of the global photographic agency, the Image Bank (now Getty Images).

VENDOR NEWS & EVENTS

REVIEWS

Recent Comments