Archived scams, fraud and security alerts

 Posted on 21 July 2024

Third party technology outage – Scam alert

Type:   

ANZ is aware of a global incident affecting some CrowdStrike and Microsoft services and we are monitoring the situation closely. There is no impact to ANZ's services and systems at this point in time.

Scammers are using this global incident to their advantage and we’re warning customers and businesses to be cautious of unsolicited calls, emails or messages requesting they download a software patch or provide remote access to fix or protect their computer from the CrowdStrike/Microsoft outage.

Downloading unsolicited software can give scammers access to your computer, including your bank accounts.

Customers and businesses should also be on alert to unsolicited requests from individuals claiming to be from their financial institutions or other businesses requesting they update or verify their personal or financial information due to the CrowdStrike/Microsoft outage.

How to protect yourself

• Never grant remote access or download software when prompted by unsolicited callers.
• Be wary if someone asks you to share your device screen.
• Don’t click on links or download attachments from an unexpected message or email.
• Never hand over your debit/credit cards to anyone, including someone claiming to be from your bank.
• Be suspicious of anyone asking you for personal information or payment. If in doubt, ignore the message, or just hang up.
• If you shared debit/credit card details, block or cancel those cards immediately. If your cards are with ANZ, you can do this through the app.

 Posted on 21 July 2024

Critical alert from the Australian Signals Directorate's Australian Cyber Security Centre (ASD's ACSC)

Type: 

ASD’s ACSC have published a critical alert regarding a CrowdStrike software update has led to worldwide outages impacting Windows systems on Friday 19 July 2024.

ASD’s ACSC strongly encourages all consumers to source their technical information and updates from official CrowdStrike sources only.

ASD’s ACSC is monitoring the situation and is able to provide assistance and advice as required. Organisations or individuals that have been impacted or require assistance can contact us via 1300 CYBER1 (1300 292 371).

For more information, please read the Australian Cyber Security Centre alert - Widespread outages relating to CrowdStrike software update

 Posted on 19 July 2024

Consider using different usernames and passwords across all your online accounts

Type: 

How does it work?

Whenever possible, try using different usernames and passwords/passphrases across multiple online platforms and websites. In the event of a data breach, your login details for these platforms or websites may get compromised and can be used in a cyberattack known as credential stuffing.

In a credential stuffing attack, the cybercriminal will use previously stolen usernames and passwords from one platform or website and use them on other platforms or websites in the hope that users are re-using them – to get unauthorised access to their user accounts.

This may lead to fraudulent transactions being made using the payment information saved in the user accounts on these platforms and websites.

How to protect yourself

Attacks of this nature are becoming more prevalent. To help safeguard your money and your information, we want to remind you of the following tips:

• Use a different password/passphrase for different accounts.
• Use multi-factor authentication (MFA) on all accounts, wherever possible.
• Change your password/passphrase immediately, if impacted by a data breach.
• Monitor your online purchases and credit card transactions carefully.

 Posted on 05 July 2024

Pop-up scams / Scareware

Type: 

How does it work?

Whenever you browse the internet, be cautious of fraudulent pop-ups.

Pop-ups are windows or banners that automatically appear on a website and usually contain either advertising, notifications, or alerts. Often scammers use fraudulent pop-ups with warning messages to trick people into downloading software, click on links, or provide personal information. These fraudulent pop-ups are designed to create a sense of panic and may lead to personal data theft, financial loss, and broader security breaches within networks.

How to protect yourself

• Regularly update your operating system, web browsers, and applications.
• Be cautious when clicking on links or when you’re asked to download software from unknown sources.
• Consider installing legitimate antivirus and antimalware software on our device and keep it up to date. This may help protect your device if you’ve clicked a fraudulent pop-up and downloaded malicious software.
• Enable pop-up blockers to reduce your chances of receiving pop-ups.

 Posted on 12 June 2024

Bank impersonation scam alert

Type:    

How does it work?

We have been made aware of an increase in bank impersonation scams. Be cautious of SMS messages or phone calls, claiming to be from ANZ. They may ask you to transfer money, open another account, provide your sensitive banking details or download software.  

Remember, we will never ask you to:

• Transfer money to another account.
• Open a new account.
• Share sensitive banking details like your access PIN or card details.
• Provide access to your device.
• Share sensitive information like your access PIN or card details.

How to protect yourself

Impersonation scams impersonate not only banks, but government agencies, organisations and even friends or family members. Here are some tips to help you protect yourself:

• Be cautious of unexpected emails or SMS messages, or phone calls, and do not click on any links, or open any attachments.
• Contact your provider/bank immediately on a listed number if you receive a message from someone saying your account is at risk, under review, or locked or if you enter personal details into a link that you suspect is a scam.
• Do not share personal or financial details, and never provide your passwords, account numbers, or one-time passcodes to anyone.
• Always pause and reassess the situation. Scammers often create a sense of urgency, pressuring you to act quickly.

For more information about bank impersonation scams, visit ANZ Security hub – types of scams – bank impersonation scams.

 Posted on 05 June 2024

End of Financial Year Scams

Type:    

Individuals should be aware of increased scam activity as sophisticated cyber criminals take advantage of the busy tax period. During this busy time, scammers may use sophisticated tactics to try and catch you off guard. There are various types of scams, and the intent is clear - they want to steal your money or personal information.

Cyber criminals attempt to take advantage of this time of year with tax-related impersonation scams, namely those appearing to originate from the Australian Tax Office (ATO) or other government services such as myGov.

Scammers may impersonate the ATO or myGov and threaten individuals and businesses with tax debt or offer rebates.

Individuals should stay alert to phishing, smishing (SMS phishing) and vishing (phone call phishing) scams. Always verify that requests are authentic before clicking on links, opening attachments or following instructions, particularly when it comes to your finances or personal information.

Otherwise, if you are unsure about the authenticity of a call or message, contact the ATO or applicable government service to verify.

Top tips to help protect yourself during tax time:

• If you receive a request via email, phone or SMS message to change or update payment information, always verify by contacting the supplier directly using contact information that you know is genuine, and not contained within the suspicious communications in question.
• Turn on multi-factor authentication for all essential services such as email, bank, social media accounts and any databases holding personal or customer information.
• Access websites directly by typing the URL into a web browser, rather than clicking on a link.
• Remember, if something seems too good to be true, it usually is. Pause and verify before acting.

If you receive one of these messages, do NOT click on the link, and delete the message immediately.

 Posted on 05 June 2024

High alert from the Australian Signals Directorate's Australian Cyber Security Centre (ASD's ACSC)

Type: 

What is this alert?

The ASD's ACSC has published a high alert regarding increased cyber threat activity affecting Snowflake customer environments.

The ASD’s ACSC is aware of successful compromises of several companies utilising Snowflake environments.

How to protect yourself

ASD’s ACSC encourages Australian organisations who utilise Snowflake to reset credentials for active accounts, disable non-active accounts, enable Multi-Factor Authentication (MFA) and review user activity.

Snowflake has also published an advisory to assist in identifying instances of unauthorised access.

For more information, please read the Australian Cyber Security Centre’s alert, Increased cyber threat activity targeting Snowflake customers. 

 Posted on 05 June 2024

High alert from the Australian Signals Directorate's Australian Cyber Security Centre (ASD's ACSC)

Type: 

What is this alert?

The ASD's ACSC has published a high alert regarding a vulnerability in Check Point’s Quantum Security Gateway devices that enables access of sensitive information to an unauthorised actor.

The ASD’s ACSC is aware of active exploitation of vulnerable instances.

How to protect yourself

ASD’s ACSC encourages Australian organisations to review their networks for use of vulnerable instances of Check Point’s Quantum Security Gateway and implement the mitigation advice provided by the vendor.

A hotfix for the vulnerability is available, and the ASD’s ACSC strongly recommends that affected Australian organisations patch this vulnerability as a matter of high priority.

For more information, please read the Australian Cyber Security Centre’s alert, CVE-2024-24919 - Check Point Security Gateway Information Disclosure.

 Posted on 30 May 2024

Loyalty points scams

Type:   

We are aware of a new scam targeting customers of loyalty programs of large, well-known Australian companies (including but not limited to airlines, telecommunications and retail companies).

The scam is delivered to customers through a text message or email stating their loyalty points are expiring. This correspondence includes a link to a fake website, which prompts customers to login. Customers may also be asked to provide credit card details to use loyalty points.

If the customer follows the instructions as per the email or text, scammers will steal their points, login details and/or personal information to use on other platforms and commit identity fraud.

Tips to protect yourself from loyalty points scams:

• Don’t click on links included in a text message and be wary of suspicious links contained in emails.
• Always navigate to the company’s app or website independently to check the status of your points.
• Contact the company to confirm whether the correspondence you have received is genuine.

For more information about this scam, visit Scamwatch.

 Posted on 30 May 2024

Term deposit scams

Type:  

How does it work?

Scammers may pose as online product comparison companies, financial firms, or create fake term deposit advertisements with better interest rates.

These fake advertisements can be difficult to spot.  

If you share personal information on these fake websites and advertisements, a scammer might contact you, claiming to work for the promoting company and offer to open an account in your name. If you agree, you’ll be given fraudulent account details, and any money you transfer to this account will end up with the scammer.

How to protect yourself

• Be cautious – if an offer appears too good to be true, it probably is.
  
• Exercise caution when your term deposit matures and you’re looking for new term deposit options.
• Be mindful that online search results may display fake/malicious websites.
• Independently verify with the financial institution that the offer you have found is genuine.  You can do this by calling the financial institution directly.
• Ensure that you confirm that the BSB and account number that you are transferring to are your own, or genuinely from the financial institution you are dealing with. 
• Remember that contact information obtained from websites, via links or email may not be genuine.
• Don’t share any personal information until you’re sure that the site you’re on is real.

 Posted on 30 May 2024

Scams involving the physical collection of (credit /debit) cards

Type:  

How does it work?

We are aware of a new scam involving the collection of physical credit/debit cards. The scam may originate as a phone call, claiming to be your Telco, IT support, or an online payment provider regarding your device being compromised.

The scammer may request you to download remote access software (such as Anydesk or TeamViewer) to ‘clean’ your device. This software enables the collection of your personal information, screensharing and monitoring of your online activity.  

The scammer calls again asking if you have received a call in the last few days requesting you to download remote access software, and that you have likely been hacked.

The scammer may then attempt to convince you to hand over your physical card(s) by claiming that your existing card is compromised and needs to be replaced. They might arrange to collect your physical card(s) from your home by a courier or bank representative.

How to protect yourself

• Never grant remote access or download software when prompted by unsolicited callers.
• Be wary if someone asks you to share your device screen.
• Don’t click on links or download attachments from an unexpected message or email.
• Never hand over your debit/credit cards to anyone, including someone claiming to be from your bank.
• Be suspicious of anyone asking you for personal information or payment. If in doubt, ignore the message, or just hang up.
• If you shared debit/credit card details, block or cancel those cards immediately. If your cards are with ANZ, you can do this through the app

 Posted on 16 April 2024

ANZ impersonation phone scam

Type: 

How does it work?

You may receive a call claiming to be from ANZ asking you to authorise a transaction on your account. The call is commonly delivered as a recorded message (asking you to press 1 to proceed), however, it may also be someone cold calling you posing as an ANZ officer. We have also received reports of this scam being delivered via SMS with a number to call to “confirm” the transaction.

If you respond to the recorded message or contact the number provided in the SMS, you might speak with a scammer who will attempt to trick you into following instructions (e.g. transferring money to a “safe” account) with the objective of stealing your money or personal details.

ANZ will never ask you to share sensitive banking details (like your password, PINs, ANZ Shield code or one-time passcode (OTP) for payment in an email or SMS), click a link to log in to your account, grant remote access to your computer or device or transfer money to another account.

How to protect yourself

• Hang up on suspicious callers claiming to be your bank.
• Call your bank on the number listed on their official website or on the back of your card to confirm whether a call or message is real. Don’t call the number on the message.
• If you receive a call from the bank asking you to transfer funds to another account, don’t do it!

 Posted on 16 April 2024

The Australian Signals Directorate's Australian Cyber Security Centre (ASD's ACSC) has published a critical alert

Type: 

The ASD's ACSC has published a critical alert regarding vulnerabilities affecting Palo Alto’s PAN-OS 10.2, PAN-OS 11.0, and PAN-OS 11.1 firewalls.

According to the ASD’s ACSC, the vulnerability can result in an unauthenticated attacker executing arbitrary code with root privileges on the firewall.

The ASD’s ACSC has stated that Australian organisations who have a Palo Alto Threat Prevention subscription can block attacks for this vulnerability by enabling Threat ID 95187.

For more information, please read the Australian Cyber Security Centre’s alert, OS Command Injection Vulnerability in GlobalProtect Gateway.

 Posted on 31 March 2024

Phishing messages appearing to come from well-known organisations

Type:   

How does it work?

Messages appear to come from well-known companies and organisations such as the Australian Taxation Office (ATO) asking you for payment and with a link to proceed. The link typically directs you to a legitimate looking website to capture your card or banking details, often including the PIN or one-time passcode (OTP). The information you populate on these websites may be used to steal your money.

How to protect yourself

• Do not click on unusual links or unexpected attachments in emails or messages.
• Independently contact the organisation or government department to verify the message you received is legitimate.
• You can lock your credit or debit card through ANZ internet banking or the ANZ app if you are concerned your card details have been compromised.

 Posted on 27 March 2024

The Australian Signals Directorate's Australian Cyber Security Centre (ASD's ACSC) has published a critical alert

Type: 

The ASD's ACSC has published a critical alert regarding vulnerabilities affecting Fortinet’s FortiClientEMS 7.2 to 7.2.2 and FortiClientEMS 7.0 to 7.0.10.

According to the ASD’s ACSC, CVE-2023-48788 can result in remote code execution by an unauthenticated threat actor to execute unauthorised code or commands via a specifically crafted request.

ASD’s ACSC encourages Australian organisations to review their networks for use of vulnerable instances of the FortiClientEMS and apply patches available from Fortinet.

For more information, please read the Australian Cyber Security Centre’s alert, Critical vulnerabilities affecting Fortinet’s FortiClient EMS

 Posted on 23 February 2024

Tangerine Telecom alert

Type: 

What is this alert?

ANZ understands that Tangerine Telecom is investigating a cyber-attack, resulting in the unauthorised access of its customers’ information.

Tangerine Telecom have advised via a media release that the information exposed may include personal information of their current and past customers.

Please visit Tangerine Telecom for further information.

How to protect yourself

Please refer to our dedicated Data Breach Customer Support page where you’ll find useful information and resources.

 Posted on 22 February 2024

Critical alert from the Australian Signals Directorate's Australian Cyber Security Centre (ASD's ACSC)

Type: 

What is this alert? 

Applicable to individuals and IT teams of organisations and government who use Microsoft Office Outlook products.

The ASD's ACSC has published a critical alert regarding a vulnerability that exploits the Outlook preview pane as an attack vector, enabling malicious code execution in edit mode rather than the restricted protected view.

This vulnerability affects customers running the following Microsoft products:

• Microsoft Office 2016

• Microsoft Office LTSC 2021

• Microsoft 365 Apps for Enterprise

• Microsoft Office 2019

For more information, please read the Australian Cyber Security Centre’s alert, Microsoft Office Outlook Remote Code Execution Vulnerability.

How to protect yourself

• ASD’s ACSC encourages all Microsoft Office Outlook users to follow Microsoft’s mitigation advice.

 Posted on 7 February 2024

Credential stuffing - a growing issue

Type: 

How does it work?

In recent weeks, there have been numerous reports of data breaches in Australia and around the globe – all of which can lead to credential stuffing.

In a credential stuffing attack, the cybercriminal will use previously stolen usernames and passwords from one website and use them on other websites in the hope that users are re-using them – to get unauthorised access to their user accounts.

This may lead to fraudulent transactions being made using the payment information saved in the user accounts on these websites.

How to protect yourself

Attacks of this nature are becoming more prevalent. To help safeguard your money and your information, we want to remind you of the following tips:

• Use a different password/passphrase for different accounts

• Use multi-factor authentication (MFA) on all accounts, wherever possible.

• Change your password/passphrase immediately, if impacted by a data breach.

Learn more about protecting yourself online 

 Posted on 7 February 2024

“Accidental Deposit” scam

Type:     

How does it work?

ANZ is aware of a new scam on the rise involving “accidental deposits” on business customer accounts.

The scam begins with an unexpected payment being received in a customer’s account. The cybercriminal then contacts the customer stating that they’ve made an accidental deposit to the customer’s account, and requesting that they transfer the money back. The account the cybercriminal directs the customer to pay the “accidental deposit” is their own account.

Variations of this scam may involve a false call from the “bank” requesting funds to be transferred back into the sender’s account.

Please note, ANZ will never ask you to transfer funds to another account.

How to protect yourself

• If someone pays you unexpectedly and requests the payment to be returned, ask them to reach out to their bank to initiate a recall instead. Do not send the money back yourself.

• Always be wary of unexpected emails and messages as this may lead you to divulge your banking details - never click on links or download attachments from unexpected messages or emails.

Learn more about protecting yourself online 

 Posted on 31 January 2024

"Live Chat" bank impersonation scam variation

Type:    

We have observed another variation of the "Live Chat” bank impersonation scam whereby customers are asked to click on a link, via SMS or email to receive security assistance on their accounts.

This link leads to a fake ANZ website with a button to "Open live chat on Windows". The website may look very convincing. If the customer clicks on the button, software will be downloaded on the customer's device providing the scammer remote access to the device.

The scammer (impersonating an ANZ employee), may ask the victim to log into their online banking account, allowing the scammer to capture the customer's login credentials. The scammer may also take over the session and perform transactions or ask the customer to transfer their money into a "safe" account.

Please note, ANZ does not currently have a "live chat" feature.

Remember, ANZ will never ask you to:

• install software for live chat or remote access purposes
• provide sensitive banking details (like passwords, PINs, one-time passcodes for payment, Shield codes, token codes)
• click on a link to log in to ANZ Internet Banking or the ANZ App
• transfer money to another account

Important reminder: Never provide sensitive banking details or access to anyone, even if they claim to work for ANZ.

 Posted on 29 January 2024

The Australian Signals Directorate's Australian Cyber Security Centre (ASD's ACSC) has published a high alert

Type:  

Applicable to businesses that are running or administering instances of Ivanti Connect Secure (ICS) and Ivanti Policy Secure (IPS).

The ASD's ACSC has published a high alert regarding vulnerabilities in the Ivanti Connect Secure and Ivanti Policy Secure gateways. These vulnerabilities impact all supported versions – Version 9.x and 22.x. 

ASD’s ACSC encourages impacted Australian organisations to apply any available mitigations and patches as soon as possible.

For more information, please read the Australian Cyber Security Centre’s alert, Critical vulnerabilities in Ivanti Connect Secure (ICS) and Ivanti Policy Secure (IPS).

 Posted on 29 January 2024

Side Hustle Job Scams – A warning from the National Anti-Scam Centre (NASC)

Type:   

The NASC urges Australians looking to earn extra money through online ‘side hustles’ to be careful of scammers. This warning comes after reported losses to Scamwatch for jobs and employment scams almost tripled in 2023 (from $8.7m in 2022 to $24.7m in 2023).

According to the Australian Competition and Consumer Commission (ACCC) Deputy Chair Catriona Lowe , “Scammers are targeting people looking for online work in their spare time, promising them guaranteed income from jobs that include boosting the ratings of products and services through an online platform. In some cases, the jobs are as simple as liking posts on social media such as TikTok videos.” These scammers typically pretend to be from well-known retailers, department stores or pose as social media marketing agencies.

The victims often report that they responded to an advertisement on social media about a job opportunity. The scammer will then contact the victim directly via encrypted messaging apps such as WhatsApp. “The scam operates similar to an online game, with victims reporting that they are pressured to make an initial investment of their own money, along with ongoing payments in order to ‘level up’ and receive a higher income which they never receive,” Ms Lowe said.

For more information, please read the ACCC media release, Looking to earn extra cash? Don’t lose money to a side hustle scam.

 Posted on 19 January 2024

The Australian Signals Directorate's Australian Cyber Security Centre (ASD's ACSC) has published a critical alert for businesses

Type:  

Applicable to businesses using Atlassian Confluence Data Center and Confluence Server.

The ASD's ACSC has published a critical alert regarding a remote code execution (RCE) vulnerability in Atlassian Confluence Data Center and Confluence Server.

ASD’s ACSC encourages Australian organisations to review their networks for use of vulnerable instances of Atlassian Confluence Data Center and Confluence Server, and consult Atlassian’s customer advisory for mitigation advice.

For more information, please read the Australian Cyber Security Centre’s alert, Remote Code Execution Vulnerability In Confluence Data Center and Confluence Server.

 Posted on 19 January 2024

Cyber security incident affects major brands in Australia

Type:  

ANZ is aware of a cyber security incident, known as, credential stuffing, affecting major brands in Australia, including but not limited to Dan Murphy’s, Event Cinemas, Binge, The Iconic, Guzman y Gomez, and TVSN.

According to the Australian Cyber Security Centre (ACSC), credential stuffing is a type of hack in which cyber criminals use previously stolen passwords from one website and try to use them elsewhere – targeting those who reuse their passwords on multiple websites. This may lead to fraudulent transactions being made using the payment information saved in the user accounts on these websites.

Here are some tips to help you protect yourself online:

• Use a different password/passphrase for different accounts.
• Use multi-factor authentication (MFA) on all accounts, wherever possible.
• Change your password/passphrase immediately, if impacted by a data breach.
• Monitor your credit card transactions carefully.

 Posted on 18 January 2024

Digital Wallet Scams

Type:     

Many Australians have recently been targeted by scams involving digital wallets.

Digital wallets enable eligible credit and debit card holders to store their card information on a device such as mobile phone, or wearable device such as a Fitbit.  This enables the card holder to make transactions without the need to carry the physical card.

Whilst digital wallets are safe, it is important to consider that scammers may try to link your credit or debit card to their own device and make unauthorised purchases.  

Be alert to the following:

Digital wallet scams usually start with SMS messages that appear to come from well-known companies, for example Netflix, Linkt or the Australian Taxation Office (ATO).  The messages suggest that your recent payment has failed, or that you are owed a refund, and your card details are required to be entered via a link. The link directs you to a legitimate looking website that is designed to maliciously capture your card details, often including the PIN. These details are used by the scammer to register the card information to a digital wallet on their device.

To complete the digital wallet registration, a verification code is sent to you by SMS.  If the scammer obtains this verification code, they will be able to link your credit or debit card to their own device and make purchases with your card. 

The scammer may wait several months before attempting to link your credit or debit card  information to their device. When they do, they might impersonate a bank officer and convince you to divulge the verification code. 

Tips to help protect yourself.

• If you receive an SMS, email or phone call requesting that you update your banking details, do not click on the link. Never put your credit card PIN or other passcode into a link. 
• Never disclose a verification code or any other passcode to anyone, even if they claim to be from ANZ or another trusted organisation. 
• Independently contact the company or government department that a message or call claims to be from using contact details you have verified yourself.
• If you receive a verification or passcode, read the SMS carefully to understand what the code is authorising.
• Always contact ANZ directly and immediately if you have entered your credit card PIN in a link; disclosed your verification/passcodes to anyone; received an unsolicited request for information, an unexpected verification code or an email saying your card has been added to a digital wallet when you did not authorise this.  
• You can lock your credit or debit card through internet banking or the ANZ app if you are concerned your details have been compromised.

 Posted on 18 January 2024

The Australian Signals Directorate's Australian Cyber Security Centre (ASD's ACSC) has published a critical alert

Type:   

Applicable to users of GitLab on any platform

The ASD's ACSC has published a critical alert regarding vulnerabilities affecting Gitlab Community Edition (CE) and Enterprise Edition (EE). The most severe vulnerability allows an account take over via the ability to have password reset emails delivered to an unauthenticated email address.

ASD’s ACSC encourages customers to patch to the latest version using the GitLab upgrade path and to enforce multi-factor authentication for all GitLab accounts.

For more information, please read the Australian Cyber Security Centre’s alert, Critical vulnerabilities in GitLab Products.

 Posted on 17 January 2024

Multi-bank phishing scam

Type:   

We are aware of a sophisticated scam that has been designed to steal banking information from individuals.

The scam begins with an SMS that claims to be from myGov or the Australian Tax Office (ATO). The SMS prompts the user to click on a link where they will be taken to a fake web page claiming the individual is entitled to an additional refund on their tax return and the individual must verify their bank details to receive it.

On this page, the individual will see a list of financial institutions to choose from. Once a selection has been made, they will be redirected to a fake internet banking login page which will capture the individual’s banking details.

The ATO states that they will never send you a text message asking you to click on a link to give personal information.

How to protect yourself

• Do not click on unusual links or unexpected attachments in emails or messages.
• Stop and think twice before acting. Scammers often create a sense of urgency, pressuring you to act quickly.
• Always verify requests are legitimate by contacting the organisation on a verified number

 Posted on 14 December 2023

ANZ Impersonation scam alert

Type: 

We have been made aware of an email impersonating ANZ asking recipients to click a link and respond to security questions for account verification. The fake email claims that the recipients account is under “review” and their profile will be locked unless they click the link and answer some “challenge questions” to “verify access”. The fake email also claims that access to online banking and the mobile banking app “will be disabled” unless the recipient follows the instructions in the email within “48 hours”. The website collecting responses from the link now has been taken down, but customers are still encouraged to be vigilant against such attempts which may access personal and/or financial information.

Impersonation scams impersonate not only banks, but government agencies, organisations and even friends or family members. Here are some tips to help you protect yourself:

• Be cautious of fake emails, and do not click on any unexpected/unusual links or open any attachments.
• Contact your provider/bank immediately on a listed number if you receive a message from someone saying your account is at risk, under review, or locked or if you enter personal details into a link that you suspect is a scam.
• Do not share personal or financial details, and never provide your passwords, account numbers, or one-time passcodes to anyone.
• Always pause and reassess the situation. Scammers often create a sense of urgency, pressuring you to act quickly.

 Posted on 12 December 2023

Watch out for online hotel booking scams

Type: 

We are aware of a scam targeting online hotel and accommodation booking platforms users. Fake emails seemingly from the booking platform urgently asks users for payment authorisation to avoid cancellation of their booking. Another variation of this scam is notifying users that their payment was declined, and it needs to  be resolved immediately.

These phishing emails contain guest and reservation details making them look legitimate and have links that users are urged to click on to process their payment and retain their reservation.

Scammers also set up official looking fake hotel and travel websites with prices that are too good to resist in order to lure unsuspecting victims.

Prevent falling for this scam by contacting the booking platform or hotel directly through verified contact details instead of the provided links in the emails and double check the sender’s address. Keep track of your finances and if there are unauthorised or duplicate charges, call your bank immediately.

For more information visit Security Centre at anz.com or Stay Cyber Safe.

 Posted on 11 December 2023

The Australian Signals Directorate's Australian Cyber Security Centre (ASD's ACSC) has published a high alert for businesses

Type: 

Applicable to all businesses using Atlassian products including Confluence, Jira and Bitbucket

The ASD's ACSC has published a high alert regarding serious vulnerabilities in Atlassian products including Confluence, Jira and Bitbucket. It is noted that previous critical vulnerabilities in these products have been significantly exploited by cyber criminals.

ASD’s ACSC recommends that if you operate Confluence, Jira or Bitbucket, that you review the vendor advisories to determine if you are affected. Affected organisations are advised to act now to secure their systems by applying all vendor recommended mitigations.

For more information, please read the Australian Cyber Security Centre’s alert, Serious vulnerabilities in Atlassian products including Confluence, Jira and Bitbucket.

 Posted on 27 November 2023

The Australian Signals Directorate's Australian Cyber Security Centre (ASD's ACSC) has published a critical alert for businesses

Type:  

Applicable to all businesses using Citrix NetSCaler ADC and NetScaler Gateway

The ASD's ACSC has published a critical alert regarding vulnerabilities in Citrix NetScaler ADC and NetScaler Gateway that may be in use on Australian networks.

ASD’s ACSC is aware that there have been successful exploitation attempts against Australian organisations and recommended that affected entities review the available mitigations and apply where possible as a matter of high priority.

The ASD’s ACSC has assessed that there is significant exposure to these Citrix NetScaler ADC and NetScaler Gateway vulnerabilities in Australia and that any future exploitation of these vulnerabilities would have a significant impact to Australian systems and networks. ASD’s ACSC advises that Australian organisations should review their networks for use of vulnerable instances of Citrix NetScaler ADC and NetScaler Gateway. The ASD’s ACSC has strongly urged affected organisations to install the relevant updated versions of Citrix NetScaler ADC and NetScaler Gateway as soon as possible. 

For more information, please read the Australian Cyber Security Centre’s alert, Citrix Products NetScaler ADC and NetScaler Gateway Vulnerabilities.

 Posted on 8 November 2023

Patch and update software vulnerabilities to help prevent cyber attacks

Type:  

The Home Affairs and Cyber Security Minister, Clare O’Neil has urged businesses to immediately address software vulnerabilities and conduct patch management to help prevent cyberattacks. (Australian Financial Review, 2023)

Businesses should ensure that software bugs are regularly patched and upgraded, for systems to function properly and securely.

Patches are updates that address specific software vulnerabilities. Cyber criminals can exploit these vulnerabilities when left unmanaged, leading to cyberattacks. Regular patching and updates can protect against cyber threats, but can also improve the performance of the system, thus keeping business operations running smoothly.

For more information, visit the Australian Cyber Security Centre and search for Alerts and Advisories.

 Posted on 8 November 2023

Scammers exploiting current Optus network outage

Type:   

We’re aware of an impersonation scam taking advantage of the Optus network outage on 8 November 2023.

How to protect yourself

• Be cautious of unsolicited calls or SMS messages claiming to be from your phone network provider.
• Don’t share your personal or financial details.
• Don’t click on links or open attachments.

Learn more about impersonation scams  

 Posted on 08 November 2023

Scammers creating fake product comparison websites

Type: 

Fake product comparison websites created by scammers are being used to dupe people who are searching online for financial products like term deposits.

How does it work?

Scammers pose as online product comparison companies, promoting accounts with higher-than-average interest rates. If you share personal information on one of these sites, a scammer might contact you, claiming to work for the product comparison company and offering to open an account in your name. If you agree, you’ll be given bogus account details. Any money you transfer to this account will end up with the scammer.

How to protect yourself

• Be cautious – if an offer appears too good to be true, it probably is.
• Be mindful that online search results may display malicious websites.
• Do your research to determine whether product comparison websites are legitimate.
• Don’t share any personal information until you’re sure that the site you’re on is real.

 Posted on 19 October 2023

Chinese authority extortion scam

Type:   

It has come to our attention that scammers posing as Chinese authorities are contacting young people studying and/or living in Australia to financially extort them using various threatening and intimidating tactics.

Targeted individuals are contacted through phone calls or messaging apps like Telegraph, WhatsApp, or WeChat. Mandarin-speaking scammers pose as Chinese authorities, police, staff from the Chinese Embassy or Consulate, or immigration officials. These scammers are falsely threatening criminal charges, extradition and/or deportation unless money is sent to those scammers.

In a variation of this scam, instead of directly asking the targeted individual for money, scammers will force victims to fake their own kidnapping and take photographs of themselves in vulnerable positions. This will then be used by the scammers to manipulate the victim’s family into paying a ransom.

If you’ve received and responded to a message that you now believe is a scam, and have transferred money or shared your ANZ banking details and/or account credentials, contact ANZ immediately.

You can also report scams to the Australian Government’s Scamwatch.

For more information on how to protect yourself online, please visit the ANZ Security Centre. Content is available in simplified and traditional Chinese via Scamwatch.

 Posted on 08 September 2023

Seniors discount card scams

Type:   

We are aware of an emerging scam targeting elderly Australians through fake websites or cold calls claiming to supply seniors discount card memberships.

According to the National Anti-Scam Centre (NASC), seniors may be targeted through a fake website that claims to be “officially approved” and offers to provide seniors discount card membership for a fee. In other instances, scammers are cold calling the elderly offering a fake seniors discount card and are asking for personal information over the phone. If personal information is subsequently provided to the scammer, they may use this information to commit identity fraud.

Please be aware that government bodies within Australia supply seniors card memberships for no cost, and therefore, seniors will never be asked to pay a membership or application fee.

Tips to help protect yourself or your loved ones:

• Pause and consider whether an offer is legitimate before making a payment or providing your personal information.
• If you receive an unsolicited call from someone offering a seniors discount card membership that seems suspicious, hang up.
• If you have received a scam call or have come across a fake website offering a seniors discount card for a fee, report it to Scamwatch.

 Posted on 24 August 2023

Toll road scams

Type:  

ANZ is aware of SMS phishing scams that impersonate toll road operators. These scams typically claim that an overdue toll notice is outstanding and needs to be settled immediately. Individuals may be threatened with late fees, severe penalties or negative impacts on credit scores for non-compliance. Scammers might claim that the individual’s vehicle may be (or has been) suspended.

To resolve the issue, the individual is prompted to follow a link to a fake website, designed to steal personal or financial details.

These SMS messages may come from a random number, or may be ‘spoofed’, appearing to originate from the legitimate toll road operator.

Remember:

• Be cautious of messages requesting for payment. Do not click on any links.
• If in doubt, call the toll road operator directly on a verifiable number from their official website or from a hard copy of an existing toll invoice.
• View and manage your toll road account/s directly through the organisation’s official website or app.

 Posted on 18 August 2023

Fake ANZ website alert

Type:  

Customers are advised that we’ve identified fake websites impersonating ANZ Transactive Global, with searches for ANZ Transactive being redirected to a fake site. The fake website’s log in page asks for a customer’s User ID, Password, Token or ANZ Digital Key, and mobile number to urgently update customer details through a series of verification pages, and ends with a message saying an ANZ representative will be calling them shortly. This information gives the fraudster enough details to be able to gain trust as an ANZ employee with the intention of committing fraud.

Fraudsters pay for ads to secure top search engine positions, exploiting users' trust and increasing the likelihood of successful scams.

Tips to help you bank securely:

• Go directly to the anz website (anz.com.au) to log-in instead of through search engines or hyperlinks.
• Check for misspelled words in the URL and website
• Refrain from clicking on links tagged as an Ad

 Posted on 10 August 2023

Romance-investment scams

Type:    

We are aware of scammers building relationships with people in order to build their trust and subsequently luring them into an investment scam. The scam starts with an unexpected message or request (including via email, social media platforms, messaging apps, etc.) from the scammer using a fake identity.

Once the scammer has built the individual’s trust, the scammer then manipulates the individual into believing they should quickly transfer money and/or provide personal and financial details to take advantage of a low-risk, high return investment. The scammer may offer to help the individual with their investments (by claiming to set up their accounts or trade on their behalf) or offer to teach the individual how to invest.

The scammer will typically disappear after the payment has been made or continue seeking opportunities to collect more money.

How to help protect yourself from Romance-Investment Scams:

• Don’t dive in head first – ask questions to verify their identity and claims
• Do a little digging to check if their profile (or alias) appears in anecdotes from other romance scam survivors
• Do a Google reverse image search of their photo to check if it has been used by others
• Don’t be pressured into sending money, especially If it seems too good to be true. Stop and think twice before acting on an urgent request
• Never share your personal information (like passwords, PINs, one-time passcodes (OTP), ANZ Shield Code and card number/s)
• Perform sufficient checks before giving your details or replying to messages offering financial advice or urgent investment opportunities.
• Never provide remote access to your device

You should make your own reasonable enquiries and check if a financial adviser is registered via the ASIC website and check ASIC’s list of companies you should not deal with. If the company that is asking for your investment is on the list – do not deal with them. 

 Posted on 27 July 2023

"Live Chat" Bank impersonation scam

Type:     

New variation of the bank impersonation scam detected

We have observed a new variation of the bank impersonation scam where an SMS, appearing to be from ANZ, is sent to customers advising them to expect a call from ANZ relating to "transaction issues".

During the call, customers are prompted to click on a link, provided in another SMS, to assist in resolving these issues. This link leads to a fake ANZ website with a button to begin "ANZ Live Chat". This website may look very convincing. If the customer clicks on the button, software will be downloaded on the customer's device providing the scammer remote access to the device.

The scammer (still impersonating an ANZ employee), will ask the victim to log into their Internet Banking, allowing the scammer to capture the customer's login credentials. The scammer may also take over the session and perform transactions or ask the customer to transfer their money into a "safe" account.

Remember, ANZ will never ask you:

• to click on a link to log in to ANZ Internet Banking or the ANZ App
• to provide remote access to your computer or phone
• for sensitive banking details (like passwords, PINs, one-time passcodes for payment, Shield codes, token codes)
• to transfer money to another account

 Posted on 26 July 2023

Loyalty points scams

Type:   

We are aware of a new scam targeting customers of loyalty programs of large, well-known Australian companies (including but not limited to airlines, telecommunications and retail companies).

The scam is delivered to customers through a text message or email stating their loyalty points are expiring. This correspondence includes a link to a fake website, which prompts customers to login. Customers may also be asked to provide credit card details to use loyalty points.

If the customer follows the instructions as per the email or text, scammers will steal their points, login details and/or personal information to use on other platforms and commit identity fraud.

Tips to protect yourself from loyalty points scams:

• Don’t click on links included in a text message and be wary of suspicious links contained in emails.
• Always navigate to the company’s app or website independently to check the status of your points.
• Contact the company to confirm whether the correspondence you have received is genuine.

For more information about this scam, visit Scamwatch.

 Posted on 21 July 2023

Tax time scams

Type:    

Individuals should be aware of increased scam activity as sophisticated cyber criminals take advantage of the busy tax period. During this busy time, scammers may use sophisticated tactics to try and catch you off guard. There are various types of scams, and the intent is clear - they want to steal your money or personal information.

Cyber criminals attempt to take advantage of this time of year with tax-related impersonation scams, namely those appearing to originate from the Australian Tax Office (ATO) or other government services such as myGov.

Scammers may impersonate the ATO or myGov and threaten individuals and businesses with tax debt or offer rebates.

Individuals should stay alert to phishing, smishing (SMS phishing) and vishing (phone call phishing) scams. Always verify that requests are authentic before clicking on links, opening attachments or following instructions, particularly when it comes to your finances or personal information.

Otherwise, if you are unsure about the authenticity of a call or message, contact the ATO or applicable government service to verify.

Top tips to help protect yourself during tax time:

• If you receive a request via email, phone or SMS message to change or update payment information, always verify by contacting the supplier directly using contact information that you know is genuine, and not contained within the suspicious communications in question.
• Turn on multi-factor authentication for all essential services such as email, bank, social media accounts and any databases holding personal or customer information.
• Access websites directly by typing the URL into a web browser, rather than clicking on a link.
• Remember, if something seems too good to be true, it usually is. Pause and verify before acting.

If you receive one of these messages, do NOT click on the link, and delete the message immediately.

 Posted on 04 July 2023

Online Sales Scams

Type:    

Online sale and marketplace scams using PayID, cheque and other payment channels

We are aware of scammers targeting individuals who are selling items through online marketplace and selling platforms.

Examples include:

PayID scam

Common variations of the scam include the scammer offering to purchase the goods via a PayID associated with an email.

If agreed, the scammer then claims that either:

• they paid for the goods but there was an issue with the payment because the buyer doesn’t have a ‘premium’ or ‘business’ account. The scammer claims to have paid for the upgrade on behalf of the seller and requests ‘reimbursement’; or
• they accidentally overpaid for the goods and seek ‘reimbursement’.

Having the seller's email, the scammer may also send a fake email appearing to originate from ‘PayID’ as ‘evidence’ of the payment, further pressuring the seller into ‘reimbursing’ them.

This is a scam, and the seller does not receive any money to their account.

PayPal scam

Similar to the PayID scam, the scammer poses as a buyer purchasing goods through PayPal. If the seller agrees to the sale, a scam email may be received claiming that the “buyer” has paid for the goods, but there was an issue with the payment because the seller doesn’t have a business account. The scammer at this point may claim to have paid for the upgrade and requests a ‘reimbursement’, alternatively, they may continue to email the seller requesting personal/financial details and screenshots of the seller’s PayPal account.

The seller does not receive any money into their account.

The following is an example of such a scam:

Cheque scam

Typically, the scammer requests to pay for the goods with a cheque and asks the seller for their account details.

If agreed, the scammer then deposits a valueless cheque into a smart ATM. The sellers account may indicate that money has been deposited, reflected under their account ‘Balance’, instead of under ‘Funds’. These terms may differ depending on who you bank with.

Believing they have been paid, sellers then release the goods to the buyer. However, the cheque is later dishonoured, and the customer is not paid for the item.

Remember:

• PayIDs are managed by your bank, and PayID would never contact you directly. If you have concerns, please contact your bank.*
• Do not make any ‘reimbursement’ payments unless you have confirmed and verified a payment/overpayment received in your account.
• Do not release any goods to the buyer until payment is confirmed.
• It generally takes three to seven working days for a cheque to clear.
• ANZ uses the labels ‘Funds’ and ‘Balance,’ for more information click here

*PayID is a secure way to help you make and receive fast payments between banks. For more information, visit anz.com/payid

 Posted on 20 June 2023

HWL Ebsworth data breach

Type:  

ANZ is aware of a cyber-security incident at the Australian law firm, HWL Ebsworth (HWLE).

HWLE is one of the legal firms ANZ uses to provide legal advice. The incident has not affected ANZ’s systems.

ANZ understands the unauthorised access by a third-party to HWLE’s systems has resulted in the disclosure of personal and confidential information of HWLE clients.

What we are doing:

• We are working with HWLE and others to address the potential exposure.
• ANZ will contact those employees and customers whose information may have been disclosed and who need to be notified.
• We recognise cyber events like these are distressing for those involved.  We will continue to work as hard as we can to prevent such events impacting on ANZ’s customers, staff and shareholders and the community more broadly.

We have developed a dedicated Data Breach Customer Support page where you will find supporting resources and frequently asked questions.

If you are an ANZ customer, please ensure you look out for unusual or fraudulent activity. If you would like increased security across your accounts, please contact us or Report bank fraud immediately.

More information relating to this incident is available on the HWL Ebsworth website or contact HWLE at hwlecyberhelp@hwle.com.au

 Posted on 09 June 2023

Investment scams

Type:   

Investment scams are on the rise, particularly those involving cryptocurrency. Cryptocurrency is a form of digital currency such as Bitcoin.

A scenario we are aware of are scammers posing as ‘advisors’ tricking individuals who have invested in cryptocurrency, into handing over their login credentials. Once they have access to the cryptocurrency wallet, the scammer transfers the cryptocurrency out, rather than investing the funds as the individuals are led to believe. The scammers often appear very professional and knowledgeable and may impersonate legitimate organisations.

You can find out more about different types of investment scams at Scamwatch.

Be aware of the alarm bells. According to Moneysmart, signs of an investment scam may include: 

• offering high investment returns
• the absence of an Australian Financial Services (AFS) licence
• frequent contact pressuring you to make fast decisions
  
• providing an investment prospectus that is not registered with the Australian Securities & Investments Commission (ASIC)
• the use of a reputable organisation’s name to instil credibility

To reduce the risk of your falling for an investment scam, we recommend that you perform sufficient checks before giving your details to an unsolicited caller or reply to emails offering financial advice or urgent investment opportunities. You should make your own reasonable enquiries and check if a financial adviser is registered via the ASIC website and check ASIC’s list of companies you should not deal with. If the company that is asking for your investment is on the list – do not deal with them. 

 Posted on 10 May 2023

myGov scam

Type:   

We are aware of a new phishing campaign circulating.

The SMS message appears to come from ‘myGov’ and states that “Eligible individuals can receive a one-time payment of $750 to help with their living expenses”. In the example above, an illegitimate link to a website has been included in the SMS message and if individuals click the link, it may direct them to a fake ‘myGov’ website.

Scammers are targeting myGov, and reports to the Australian Competition and Consumer Commission (ACCC)’s Scamwatch regarding myGov email and SMS message scams have increased by 160% in the month from December 2022 to January 2023.

The ACCC Scamwatch has warned individuals to stay vigilant about myGov scams and advised against clicking on a link included in an email or SMS message, or to share any personal information. myGov will never send you an email or SMS message with a link directing you to a website to sign in to your myGov account.

If you receive one of these email or scam SMS messages, do NOT reply to the message, do NOT click the link, and delete the message immediately. 

 Posted on 01 May 2023

Phishing/SMS Scam

Type:  

ANZ is aware of a new scam text message which appears to come from ANZ. The text message states that the customer’s debit card needs additional verification, and a link is provided to reactivate the card.

The link in the text is similar to the correct ANZ website address (anz-login.com instead of the correct link anz.com). If clicked, the link will take you to a site that looks legitimate but has been designed to steal your personal information. In this instance, customers are being asked to reveal their Customer Registration Number (CRN), internet banking password, email, password, and mother’s maiden name. Customers are also being asked to provide images of identification documents.

Remember, ANZ will never email, call or text message you, asking for personal information like your password, PIN, one-time password (OTP) for payments, RSA token, ANZ Shield or ask you to transfer funds into another account.

If you receive one of these messages, do NOT click on the link, delete the message immediately.

 Posted on 01 May 2023

Latitude Financial Services data breach

Type:  

ANZ is aware that Latitude Financial Services is investigating a cyber-attack, resulting in the unauthorised access of its customers’ information.

Latitude Financial Services has advised the information exposed may include identification documents of prospective applicants, current and past customers, BSB numbers, account numbers and credit card numbers.

More information is available on the Latitude Financial Services website, and at IDCARE.

Please refer to our dedicated Data Breach Customer Support page where you will find more useful information and resources.

If you are an ANZ customer, please ensure you look out for unusual or fraudulent activity. If you would like increased security across your accounts, please contact us or Report bank fraud immediately.