skip to log on skip to main content
VoiceOver users please use the tab key when navigating expanded menus

Latest scams, fraud and security alerts

Stay informed on the latest scams, fraud, and security alerts. Learn about emerging cyber threats and important online risks as they arise. If you are a business, make sure to stay updated with the latest business security alerts  that could impact you.

Explore the latest alerts below, and make informed decisions to help keep your personal and banking details safe.
 

Jump to

November 2024

October 2024

September 2024

August 2024

Older alerts

 October 2024

Latest alerts scam SMS

 Posted on 31 October 2024

Bulk email extortion scam targets Australians

Type:  

ScamWatch has published an alert about criminals attempting to extort Australians through emails. The email falsely claims to have compromising images or videos of the intended victims obtained by hacking into people’s computers or webcams.

The criminals threaten to release the images or videos unless paid, using personal details like birth dates and addresses to intimidate victims. These details likely come from previous data breaches.

If you receive such emails, do not respond, or pay any money. This scam is a type of threat and impersonation scam, where criminals may use intimidation to extort money.

For more information visit: Scam alert: Bulk email extortion scam | Scamwatch
 

  • STOP - Don’t give money or personal information to anyone if unsure. Delete the email.
  • CHECK - Contact a computer specialist if you have concerns about the security of your device.
  • PROTECT - If a scammer has taken your money or personal details, contact your bank or card provider immediately to report the scam. Ask them to stop any transactions. 

Information on how to help avoid scams after a data breach is available on the Scamwatch website.

Receiving scam emails is nothing to be ashamed of; it can happen to anyone. If you’ve shared personal information, contact IDCARE at 1800 595 160.

If you’ve responded to a scam message and shared your ANZ banking details or transferred money, contact ANZ immediately. 

You can also report scams to the Australian Government’s  Scamwatch and the Australian Cyber Security Centre’s ReportCyber.

Latest alerts scam SMS

 Posted on 21 October 2024

Bank impersonation scam alert

Type:  

How does it work?

The National Anti-Scam Centre is warning consumers to be wary of bank impersonation scams.  ANZ encourages customers to be cautious of any unsolicited calls, emails or messages from someone claiming to be from their bank, requesting they provide their personal or financial information, transfer funds, or provide a one-time security code over the phone.

Scammers often claim to be calling from the bank’s fraud department and may refer to an account compromise, suspicious transaction, or online banking outage to try to create a sense of urgency.

The call may appear to come from the bank’s legitimate phone number or a very similar number, or by a text message that appears in the same conversation thread as genuine bank messages or an email appearing to come from the bank.

Remember, ANZ will never ask you to:

  • Share sensitive information like your One Time Passcode (OTP), verification code (for payment), PIN or card details.
  • Transfer money to another account.
  • Open a new account.
  • Provide access to your device.
  • Download software.

Impersonation scams imitate not only banks, but government agencies, organisations and even friends or family members. Here are some tips to help you protect yourself:

  • STOP: Be cautious of unexpected or urgent emails, SMS messages, or phone calls, and do not click on any links, or open any attachments.
  • CHECK: Verify with your provider/bank immediately via official channels if you receive a message from someone saying your account is at risk, under review, unavailable, or locked, or if you enter personal details into a link that you suspect is a scam.
  • PROTECT:
    • Do not share personal or financial details, and never provide your passwords, account numbers, or one-time passcodes to anyone.
    • If you suspect fraud on your account or have shared financial information or transferred money as a result of this scam, please contact us straightaway. Our Customer Protection Team is available 24/7 to help you.
    • Report to scamwatch.gov.au and the Australian Cyber Security Centre’s ReportCyber to help protect others. Tell your friends and family: it helps to share your experience so they can give you support, and also so you can help them stay safe from scams.

For more information about bank impersonation scams, visit ANZ Security hub – types of scams – bank impersonation scams.

If you suspect fraud on your account or have shared financial information or transferred money as a result of this scam, please contact us straightaway. Our Customer Protection Team is available 24/7 to help you.

You can also report scams to the Australian Government’s  Scamwatch and the Australian Cyber Security Centre’s ReportCyber.

 September 2024

Latest alerts scam SMS

 Posted on 20 September 2024

Bank impersonation scam alert

Type:   

How does it work?

Unfortunately, we are still seeing instances of bank impersonation scams, and urge customers to be cautious of SMS messages or phone calls claiming to be from ANZ. Bank impersonation scams occur when a scammer makes direct contact with you suggesting that they’ve identified a problem and that they’re trying to assist you. Be cautious of SMS messages or phone calls, claiming to be from ANZ. The scammer may ask you to provide your sensitive personal and/or banking information, transfer money, open another account, click on a link, or download software.

Remember, ANZ will never ask you to:

  • Share sensitive information like your One Time Passcode (OTP), verification code, PIN or card details.
  • Transfer money to another account.
  • Open a new account.
  • Provide access to your device.

Impersonation scams impersonate not only banks, but government agencies, organisations and even friends or family members. Here are some tips to help you protect yourself:

  • Be cautious of unexpected emails, SMS messages, or phone calls, and do not click on any links, or open any attachments.
  • Contact your provider/bank immediately on a listed number if you receive a message from someone saying your account is at risk, under review, or locked, or if you enter personal details into a link that you suspect is a scam.
  • Do not share personal or financial details, and never provide your passwords, account numbers, or one-time passcodes to anyone.
  • Always pause and reassess the situation. Scammers often create a sense of urgency, pressuring you to act quickly.

For more information about bank impersonation scams, visit ANZ Security hub – types of scams – bank impersonation scams.

If you suspect fraud on your account or have shared financial information or transferred money as a result of this scam, please contact us straightaway. Our Customer Protection Team is available 24/7 to help you.

You can also report scams to the Australian Government’s  Scamwatch and the Australian Cyber Security Centre’s ReportCyber.

 August 2024

Latest alerts scam email

 Posted on 30 August 2024

Alert from the Australian Signals Directorate's Australian Cyber Security Centre (ASD's ACSC) on impersonation scam

Type: 

The ASD's ACSC has published a medium alert regarding email scammers impersonating the ASD's ACSC by sending out phishing emails to the public with the email content suggesting to download a malicious antivirus program.

The cybercriminals are emailing from spoofed email accounts utilising ASD’s ACSC’s logo, with the subject and contents of the email varying. These emails suggest that an increase in cyber threats requires the recipient to download ‘Antivirus’ software through a malicious link to stay safe. If clicked on, there is potential that malicious software could be downloaded and installed to the individual’s computer.

ASD’s ACSC encourages Australians to not click on links within the email, report it and block the sender. If you have clicked the link, require assistance, or if you’re not sure it’s a real email from ASD’s ACSC you can contact the ASD's ACSC via 1300 CYBER1 (1300 292 371).

For more information, please read the Australian Cyber Security Centre’s alert - Email scammers impersonating the ASD's ACSC.

 Business alerts

Latest alerts critical vulnerability

 Posted on 20 November 2024

Payment Redirection Scam

Type:  

Be cautious when processing requests to update phone, email or bank details from third-party suppliers. These requests could be part of a payment redirection scam.

Cybercriminals may impersonate a legitimate supplier, create a fake business and ABN, and contact your business, requesting updates to supplier details such as:

  • New contact details (phone numbers or email addresses)
  • Updated bank account information

Since contact details have been updated, verification processes may fail, leading to unintentional contact with the scammer.

  • Verify Requests: Always confirm any changes to phone, email or bank details directly with your supplier using known contact information.
  • Implement Controls: Establish internal procedures for verifying and approving any changes to supplier information.
  • Educate Employees: Train your staff to recognise and report suspicious requests.

If you suspect fraud on your account, have shared financial information, or transferred money, please contact us immediately. Our Customer Protection Team is available 24/7 to help you.

You can also report scams to the Australian Government’s  Scamwatch and the Australian Cyber Security Centre’s ReportCyber.

Latest alerts critical vulnerability

 Posted on 31 October 2024

Critical alert from the Australian Signals Directorate's Australian Cyber Security Centre (ASD's ACSC)

Type: 

The ASD's ACSC has published a critical alert regarding vulnerabilities affecting FortiManager devices.

Fortinet are aware of active exploitation of vulnerable instances. This vulnerability has been allocated a CVSSv3 score of 9.8.

Australian organisations are advised to review their networks for use of vulnerable instances of FortiManager devices and implement the mitigation advice provided by the vendor.

Affected Australian organisations are strongly recommended by the ASD’s ACSC to patch this vulnerability as a matter of high priority. Patch information is available at PSIRT | FortiGuard Labs.

Organisations or individuals that have been impacted or require assistance can contact the ACSC at ReportCyber.

For more information, please read the Australian Cyber Security Centre’s alert, Vulnerability in Fortinet’s FortiManager.

Latest alerts critical vulnerability

 Posted on 25 September 2024

Critical alert from the Australian Signals Directorate's Australian Cyber Security Centre (ASD's ACSC)

Type: 

The ASD's ACSC has sent a critical alert relevant to Australian organisations who are running or administering instances of Ivanti CSA 4.6 (Cloud Services Appliance).

Customers are encouraged to apply available mitigations and patches as soon as possible.

 

Organisations that use Ivanti CSA 4.6 (Cloud Services Appliance) should follow the mitigations advice provided in the Ivanti Security Advisory.

Ivanti advise that CSA 4.6 is End of Life and strongly recommends that their customers upgrade to CSA 5.0.

Organisations or individuals that have been impacted or require assistance can contact the ACSC via 1300 CYBER1 (1300 292 371).

For more information, please read the Australian Cyber Security Centre’s alert: Critical vulnerability in Ivanti CSA 4.6 (Cloud Services Appliance)

Latest alerts critical vulnerability

 Posted on 16 September 2024

Critical alert from the Australian Signals Directorate's Australian Cyber Security Centre (ASD's ACSC)

Type: 

The ASD's ACSC has sent a critical alert regarding the vulnerabilities impacting Veeam Backup & Replication software.

There is significant exposure to the Veeam Backup & Replication vulnerabilities in Australia, and any future exploitation could have a significant impact on Australian systems and networks.

 

Australian organisations should review their networks for use of vulnerable instances of Veeam and implement the following mitigation advice.

A patch for vulnerabilities is available. Refer to the Veeam security advisory for further information on mitigation advice. The ACSC strongly recommends that affected Australian organisations patch this vulnerability as a matter of high priority.

Organisations or individuals that have been impacted or require assistance can contact the ACSC via 1300 CYBER1 (1300 292 371).

For more information, visit the Veeam Security Bulletin.

Latest alerts critical vulnerability

 Posted on 11 September 2024

High alert from the Australian Signals Directorate's Australian Cyber Security Centre (ACSC)

Type: 

The ACSC has published a high alert regarding vulnerabilities affecting CVE-2023-46085 and CVE-2024-21887 applications (This vulnerability impacts all supported versions ICS (9.x, 22.x) and IPS).

According to the ACSC, the vulnerability can result in deploying the destructive WhisperGate malware, for the purposes of espionage, sabotage, and reputational harm.

 

The ACSC encourages Australian organisations/businesses to:

  • Prioritise routine system updates and remediate known exploited vulnerabilities.
  • Segment networks to prevent the spread of malicious activity.
  • Enable phishing-resistant multifactor authentication (MFA) for all externally facing account services, especially for webmail, virtual private networks (VPNs), and accounts that access critical systems.

For more information, please read the Australian Cyber Security Centre’s webpage.

App Store is a service mark of Apple Inc. Google Play and the Google Play logo are trademarks of Google LLC

Top