skip to log on skip to main content
Find ANZ Support Centre
Find ANZ Support Centre

Latest scams, fraud and security alerts

Stay informed on the latest scams, fraud, and security alerts. Learn about emerging cyber threats and important online risks as they arise. If you are a business, make sure to stay updated with the latest business security alerts  that could impact you.

Explore the latest alerts below, and make informed decisions to help keep your personal and banking details safe.
 

 Businesses: See latest security alerts 

 March 2025

Latest alerts scam SMS

 Posted on 12 March 2025

ANZ Warns of Scammers Exploiting ex-Tropical Cyclone Alfred's Aftermath

Type:  

ANZ urges Australians to stay alert to cyber criminals attempting to exploit Ex-Tropical Cyclone Alfred's aftermath by impersonating trusted organisations through fake emails, texts, or calls. Cyber criminals may pose as banks, insurance companies, non-profit organisations, or disaster relief services to exploit those impacted by the natural disaster and deceive them into revealing personal information or making payments. Vigilance and caution is highly encouraged to protect personal information and ensure donations go to verified relief efforts.

Visit ANZ Media Release for more information.

In a genuine ANZ call, SMS message or email, we will never ask you to:

  • Share sensitive information like your One Time Passcode (OTP), verification code (for payment), PIN or card details.
  • Transfer money to another account.
  • Provide access to your device or download software.
  • Click a link to log in to your account or type a particular website address into your browser.
  • Join an online “chat” with an ANZ team member.

  • STOP - Don’t give money or personal information to anyone if unsure.
  • CHECK - Verify Requests – Contact your provider/bank immediately on a listed number if you receive a message from someone saying your account is at risk, under review, or locked, or if you enter personal details into a link that you suspect is a scam.
  • PROTECT - If a scammer has taken your money or personal details, contact your bank or card provider immediately to report the scam. Ask them to stop any transactions.
  • Be wary of fake charity appeals – scammers may pretend to represent charities helping cyclone victims. Always verify the organisation by researching its official website or checking its registration on the Australian Charities and Not-for-profits Commission (ACNC) Charity Register.

ANZ’s customer protection teams and systems operate 24/7. Customers who believe they may have been a victim of a scam should contact us immediately, on 13 33 50 or visit us at https://www.anz.com.au/security/report-fraud/ for more information.

Report the scam to the Australian Signals Directorate’s ReportCyber portal. This resource is there for reports of scams where money or personal information has been lost.

Help others by reporting to Scamwatch to help them prevent future losses, monitor trends and educate the population about emerging threats.

 February 2025

Latest alerts critical vulnerability

 Posted on 21 February 2025

ScamWatch Alert - Investment Bonds 

Type:  

ScamWatch has published an alert advising that criminals posing as legitimate businesses are offering fake investment bonds, claiming that they offer high returns that are protected by the government. They encourage people to register their personal details on fake websites, steal money by getting people to buy fake investment bonds, and also use your personal details to commit other scams.

 

According to ScamWatch, there are steps you can take to help avoid investment scams:

If you suspect fraud on your account or have shared personal or financial information, or transferred money as a result of this scam, please contact us straightaway. Our Customer Protection Team is available 24/7 to help you.

Report the scam to the Australian Signals Directorate’s ReportCyber portal. This resource is there for reports of scams where money or personal information has been lost.

Help others by reporting to Scamwatch to help them prevent future losses, monitor trends and educate the population about emerging threats.

For more information, please read Scam alert: Investment bonds scam | Scamwatch

Latest alerts scam call

 Posted on 05 February 2025

Australian Signals Directorate's Australian Cyber Security Centre (ASD’s ACSC) impersonation phone and email scam

Type:  

The ASD's ACSC has published an alert advising of emails and phone calls from cybercriminals claiming to be them.

The content of the scam emails and phone calls vary but typically ask you to give personal information (such as passwords or bank details), money or ask you to download software.

To make the scam emails appear legitimate, cybercriminals have been using the ASD’s ACSC logo and signature block.
 

Remember, never click on unknown or suspicious links, and always verify unexpected callers, emails or SMS requests through official channels.

If you suspect fraud on your account or have shared personal or financial information, or transferred money as a result of this scam, please contact us straightaway. Our Customer Protection Team is available 24/7 to help you.

Report the scam to the Australian Signals Directorate’s ReportCyber portal. This resource is there for reports of scams where money or personal information has been lost.

Help others by reporting to Scamwatch to help them prevent future losses, monitor trends and educate the population about emerging threats.

For more information, please read the Australian Cyber Security Centre’s alert.

 Business alerts

Latest alerts critical vulnerability

 Posted on 28 March 2025

Critical alert from the Australian Signals Directorate's Australian Cyber Security Centre (ASD's ACSC)

Type:  

A critical alert has been published regarding vulnerabilities affecting Next.js authentication bypass.

The vulnerability could allow a remote attacker to bypass security checks, including many forms of authentication.

Affected versions/applications:

  • Next.js 15.x versions prior to 15.2.3
  • Next.js 14.x versions prior to 14.2.25
  • Next.js 13.x versions prior to 13.5.9
  • Next.js 12.x versions prior to 12.3.5

It is recommended that individuals, business, organisations and government to:

  • Follow Next.js advice for affected versions.
  • All self-hosted Next.js deployments should consider updating immediately.

For more information, please read the Australian Cyber Security Centre’s alert: Next.js authentication bypass vulnerability (CVE-2025-29927)

Latest alerts critical vulnerability

 Posted on 28 March 2025

Critical alert from the Australian Signals Directorate's Australian Cyber Security Centre (ASD's ACSC)

Type:  

A critical alert has been published regarding vulnerabilities affecting Ingress-NGINX Controller for Kubernetes.

The vulnerabilities could allow unauthenticated remote code execution and full cluster takeover.

The following vulnerabilities are:

  • CVE-2025-1097
  • CVE-2025-1098
  • CVE-2025-1974
  • CVE-2025-24513
  • CVE-2025-24514

It is recommended that businesses, organisations, and government entities:

  • Review the advice and monitor the guidance at the official Kubernetes maintainer’s Ingress-NGINX Github Repository Kubernetes - Ingress-NGINX Releases
  • Update to the latest version of Ingress-NGINX Controller.
  • Ensure the admission webhook endpoint is not exposed externally.

For more information, please read the Australian Cyber Security Centre’s alert: Critical vulnerabilities in Ingress-NGINX Controller for Kubernetes

Latest alerts critical vulnerability

 Posted on 24 January 2025

Critical alert from the Australian Signals Directorate's Australian Cyber Security Centre (ASD's ACSC)

Type:  

A critical alert has been published regarding vulnerabilities affecting FortiOS & FortiProxy - Authentication bypass in Node.js websocket module.

The vulnerability may allow an unauthenticated remote attacker to gain “super-admin” privileges.

Affected versions/applications:

  • FortiOS version 7.0 - 7.0.0 through 7.0.16
  • FortiProxy version 7.0 - 7.0.0 through 7.0.19
  • FortiProxy version 7.2 - 7.2.0 through 7.2.12

It is recommended that businesses, organisations, and government entities:

  • Follow Fortinet’s published advice for affected versions.
  • Upgrade to the latest FortiOS and FortiProxy versions.
  • Investigate for potential compromise of these products, leveraging the published IOCs.
  • Monitor and investigate for suspicious activity in connected environments.

For more information, please read the Australian Cyber Security Centre’s alert: FortiOS & FortiProxy - Authentication bypass in Node.js websocket module vulnerability | Cyber.gov.au

View older alerts 

Important information

App Store is a service mark of Apple Inc. Google Play and the Google Play logo are trademarks of Google LLC

Top