There’s a new wave of phishing emails, discovered just yesterday, targeting ANZ customers around Australia. With another going after Dropbox users on the same day.
Phishing is the fraudulent practice of sending emails purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers.
The phishing email bomb has been sent with a particularly engaging premise, telling users their last payment was unsuccessful. It then prompts the recipient to click a link to update their phone number after telling them the bank was unable to contact them. The link itself, took customers to a fake site that looked remarkably similar to the ANZ Internet Banking login page that even goes to far as to prompt the user answer 3 security questions, giving the scammer even more insight into their victims. It has since been removed.
MailGuard, an email filtering company, began blocking the emails early yesterday after discovering a particularly large number of them being sent in a short space of time. They have reminded users to be on the lookout for scam emails, with poor grammar a certain giveaway along with the latest attack using random account numbers to address the recipient.
“One of the surest ways to detect a fake is to hover over the email sender name, or in this case also check the landing page URL, to see if it looks legitimate,” MailGuard wrote in a blog post. “In this case, the landing page resides at https://djarlo.net/anz which is a clear indication that it’s not a genuine Internet Banking page hosted by the ANZ Bank.”
A wave of emails using the Dropbox brand, were also sent yesterday, with MailGuard advising these are also now being blocked. The emails linked to a phishing website that was noted to have been “harvesting email addresses and passwords”.
If you believe you may have fallen victim to this scam, get in touch with your bank (even if it’s not ANZ) or with Dropbox directly.