Fraud protection.
Now it’s personal.
ANZ Falcon® technology monitors millions of transactions every day to help keep you safe from fraud.
Falcon® is a registered trademark of Fair Isaac Corporation.
Stay up-to-date with emerging cyber threats, scams and other important online risks as they happen. Or, if you're a business owner, take a look through business security news that could impact you.
Explore the latest alerts below, and make informed decisions to help keep your personal and banking details safe.
Jump to
Business owners: See latest security alerts
Type:
ANZ is aware of a global incident affecting some CrowdStrike and Microsoft services and we are monitoring the situation closely. There is no impact to ANZ's services and systems at this point in time.
Scammers are using this global incident to their advantage and we’re warning customers and businesses to be cautious of unsolicited calls, emails or messages requesting they download a software patch or provide remote access to fix or protect their computer from the CrowdStrike/Microsoft outage.
Downloading unsolicited software can give scammers access to your computer, including your bank accounts.
Customers and businesses should also be on alert to unsolicited requests from individuals claiming to be from their financial institutions or other businesses requesting they update or verify their personal or financial information due to the CrowdStrike/Microsoft outage.
Posted on 19 July 2024
Type:
Whenever possible, try using different usernames and passwords/passphrases across multiple online platforms and websites. In the event of a data breach, your login details for these platforms or websites may get compromised and can be used in a cyberattack known as credential stuffing.
In a credential stuffing attack, the cybercriminal will use previously stolen usernames and passwords from one platform or website and use them on other platforms or websites in the hope that users are re-using them – to get unauthorised access to their user accounts.
This may lead to fraudulent transactions being made using the payment information saved in the user accounts on these platforms and websites.
Attacks of this nature are becoming more prevalent. To help safeguard your money and your information, we want to remind you of the following tips:
Posted on 05 July 2024
Type:
Whenever you browse the internet, be cautious of fraudulent pop-ups.
Pop-ups are windows or banners that automatically appear on a website and usually contain either advertising, notifications, or alerts. Often scammers use fraudulent pop-ups with warning messages to trick people into downloading software, click on links, or provide personal information. These fraudulent pop-ups are designed to create a sense of panic and may lead to personal data theft, financial loss, and broader security breaches within networks.
Posted on 12 June 2024
Type:
We have been made aware of an increase in bank impersonation scams. Be cautious of SMS messages or phone calls, claiming to be from ANZ. They may ask you to transfer money, open another account, provide your sensitive banking details or download software.
Remember, we will never ask you to:
Impersonation scams impersonate not only banks, but government agencies, organisations and even friends or family members. Here are some tips to help you protect yourself:
For more information about bank impersonation scams, visit ANZ Security hub – types of scams – bank impersonation scams.
Type:
Individuals should be aware of increased scam activity as sophisticated cyber criminals take advantage of the busy tax period. During this busy time, scammers may use sophisticated tactics to try and catch you off guard. There are various types of scams, and the intent is clear - they want to steal your money or personal information.
Cyber criminals attempt to take advantage of this time of year with tax-related impersonation scams, namely those appearing to originate from the Australian Tax Office (ATO) or other government services such as myGov.
Scammers may impersonate the ATO or myGov and threaten individuals and businesses with tax debt or offer rebates.
Individuals should stay alert to phishing, smishing (SMS phishing) and vishing (phone call phishing) scams. Always verify that requests are authentic before clicking on links, opening attachments or following instructions, particularly when it comes to your finances or personal information.
Otherwise, if you are unsure about the authenticity of a call or message, contact the ATO or applicable government service to verify.
Top tips to help protect yourself during tax time:
If you receive one of these messages, do NOT click on the link, and delete the message immediately.
Posted on 30 May 2024
Type:
We are aware of a new scam targeting customers of loyalty programs of large, well-known Australian companies (including but not limited to airlines, telecommunications and retail companies).
The scam is delivered to customers through a text message or email stating their loyalty points are expiring. This correspondence includes a link to a fake website, which prompts customers to login. Customers may also be asked to provide credit card details to use loyalty points.
If the customer follows the instructions as per the email or text, scammers will steal their points, login details and/or personal information to use on other platforms and commit identity fraud.
Tips to protect yourself from loyalty points scams:
For more information about this scam, visit Scamwatch.
Posted on 30 May 2024
Type:
Scammers may pose as online product comparison companies, financial firms, or create fake term deposit advertisements with better interest rates.
These fake advertisements can be difficult to spot.
If you share personal information on these fake websites and advertisements, a scammer might contact you, claiming to work for the promoting company and offer to open an account in your name. If you agree, you’ll be given fraudulent account details, and any money you transfer to this account will end up with the scammer.
Posted on 30 May 2024
Type:
We are aware of a new scam involving the collection of physical credit/debit cards. The scam may originate as a phone call, claiming to be your Telco, IT support, or an online payment provider regarding your device being compromised.
The scammer may request you to download remote access software (such as Anydesk or TeamViewer) to ‘clean’ your device. This software enables the collection of your personal information, screensharing and monitoring of your online activity.
The scammer calls again asking if you have received a call in the last few days requesting you to download remote access software, and that you have likely been hacked.
The scammer may then attempt to convince you to hand over your physical card(s) by claiming that your existing card is compromised and needs to be replaced. They might arrange to collect your physical card(s) from your home by a courier or bank representative.
Type:
You may receive a call claiming to be from ANZ asking you to authorise a transaction on your account. The call is commonly delivered as a recorded message (asking you to press 1 to proceed), however, it may also be someone cold calling you posing as an ANZ officer. We have also received reports of this scam being delivered via SMS with a number to call to “confirm” the transaction.
If you respond to the recorded message or contact the number provided in the SMS, you might speak with a scammer who will attempt to trick you into following instructions (e.g. transferring money to a “safe” account) with the objective of stealing your money or personal details.
ANZ will never ask you to share sensitive banking details (like your password, PINs, ANZ Shield code or one-time passcode (OTP) for payment in an email or SMS), click a link to log in to your account, grant remote access to your computer or device or transfer money to another account.
Type:
ASD’s ACSC have published a critical alert regarding a CrowdStrike software update has led to worldwide outages impacting Windows systems on Friday 19 July 2024.
ASD’s ACSC strongly encourages all consumers to source their technical information and updates from official CrowdStrike sources only.
ASD’s ACSC is monitoring the situation and is able to provide assistance and advice as required. Organisations or individuals that have been impacted or require assistance can contact us via 1300 CYBER1 (1300 292 371).
For more information, please read the Australian Cyber Security Centre alert - Widespread outages relating to CrowdStrike software update
Posted on 05 June 2024
Type:
The ASD's ACSC has published a high alert regarding increased cyber threat activity affecting Snowflake customer environments.
The ASD’s ACSC is aware of successful compromises of several companies utilising Snowflake environments.
ASD’s ACSC encourages Australian organisations who utilise Snowflake to reset credentials for active accounts, disable non-active accounts, enable Multi-Factor Authentication (MFA) and review user activity.
Snowflake has also published an advisory to assist in identifying instances of unauthorised access.
For more information, please read the Australian Cyber Security Centre’s alert, Increased cyber threat activity targeting Snowflake customers.
Posted on 05 June 2024
Type:
The ASD's ACSC has published a high alert regarding a vulnerability in Check Point’s Quantum Security Gateway devices that enables access of sensitive information to an unauthorised actor.
The ASD’s ACSC is aware of active exploitation of vulnerable instances.
ASD’s ACSC encourages Australian organisations to review their networks for use of vulnerable instances of Check Point’s Quantum Security Gateway and implement the mitigation advice provided by the vendor.
A hotfix for the vulnerability is available, and the ASD’s ACSC strongly recommends that affected Australian organisations patch this vulnerability as a matter of high priority.
For more information, please read the Australian Cyber Security Centre’s alert, CVE-2024-24919 - Check Point Security Gateway Information Disclosure.
Type:
The ASD's ACSC has published a critical alert regarding vulnerabilities affecting Palo Alto’s PAN-OS 10.2, PAN-OS 11.0, and PAN-OS 11.1 firewalls.
According to the ASD’s ACSC, the vulnerability can result in an unauthenticated attacker executing arbitrary code with root privileges on the firewall.
The ASD’s ACSC has stated that Australian organisations who have a Palo Alto Threat Prevention subscription can block attacks for this vulnerability by enabling Threat ID 95187.
For more information, please read the Australian Cyber Security Centre’s alert, OS Command Injection Vulnerability in GlobalProtect Gateway.
App Store is a service mark of Apple Inc. Google Play and the Google Play logo are trademarks of Google LLC