skip to log on skip to main content
VoiceOver users please use the tab key when navigating expanded menus
Find ANZ Support Centre
Find ANZ Support Centre

Latest scams, fraud and security alerts

Stay informed on the latest scams, fraud, and security alerts. Learn about emerging cyber threats and important online risks as they arise. If you are a business, make sure to stay updated with the latest business security alerts  that could impact you.

Explore the latest alerts below, and make informed decisions to help keep your personal and banking details safe.
 

 Businesses: See latest security alerts 

 February 2025

Latest alerts critical vulnerability

 Posted on 21 February 2025

ScamWatch Alert - Investment Bonds 

Type:  

ScamWatch has published an alert advising that criminals posing as legitimate businesses are offering fake investment bonds, claiming that they offer high returns that are protected by the government. They encourage people to register their personal details on fake websites, steal money by getting people to buy fake investment bonds, and also use your personal details to commit other scams.

 

According to ScamWatch, there are steps you can take to help avoid investment scams:

If you suspect fraud on your account or have shared personal or financial information, or transferred money as a result of this scam, please contact us straightaway. Our Customer Protection Team is available 24/7 to help you.

You can also report scams to the Australian Government’s Scamwatch and the Australian Cyber Security Centre’s ReportCyber or IDCARE

For more information, please read Scam alert: Investment bonds scam | Scamwatch

Latest alerts scam call

 Posted on 05 February 2025

Australian Signals Directorate's Australian Cyber Security Centre (ASD’s ACSC) impersonation phone and email scam

Type:  

The ASD's ACSC has published an alert advising of emails and phone calls from cybercriminals claiming to be them.

The content of the scam emails and phone calls vary but typically ask you to give personal information (such as passwords or bank details), money or ask you to download software.

To make the scam emails appear legitimate, cybercriminals have been using the ASD’s ACSC logo and signature block.
 

Remember, never click on unknown or suspicious links, and always verify unexpected callers, emails or SMS requests through official channels.

If you suspect fraud on your account or have shared personal or financial information, or transferred money as a result of this scam, please contact us straightaway. Our Customer Protection Team is available 24/7 to help you.

You can also report scams to the Australian Government’s Scamwatch and the Australian Cyber Security Centre’s ReportCyber.

For more information, please read the Australian Cyber Security Centre’s alert.

 December 2024

Latest alerts scam call

 Posted on 12 December 2024

Card collection scam

Type:   

We are aware of a new scam involving criminals impersonating trusted organisations like banks, IT companies, or phone companies, claiming that your bank accounts or computers are not secure. They may ask for your PIN and instruct you to leave your bank card in your letterbox so it can be cancelled and replaced. They may even ask you to withdraw cash and leave it in the letterbox instead.

These scammers use technology to spoof legitimate phone numbers and may call or send texts in the same thread as your real bank. Scamwatch reports indicate that older and vulnerable Australians living alone are being targeted, with large sums of money being stolen.

Scammers usually pretend to be from trusted organisations to gain your trust. They are likely to create fear about the security of your money or device, prompting you to act without verifying their claims. Once they have your card and PIN, they can withdraw money from your account.

 

STOP - Never tell anyone your PIN or give your card or cash to someone you don’t know. Say no, hang up, delete.

CHECK - Scammers call and pretend to be from organisations that you know and trust – like your bank. If you’re not sure, call the official number of the organisation to check. You can find this on their website, app or the back of your bank card.

PROTECT - If a scammer has taken your money, bank card or personal details, contact your bank or card provider immediately to report the scam and ask them to stop any transactions. Call the police if your cash or card has been taken by someone you don’t know.

If you have shared financial information or transferred money because of this scam, please contact us straightaway. Our Customer Protection Team is available 24/7 to help you.

You can also report scams to the Australian Government’s Scamwatch.

Latest alerts scam website

 Posted on 11 December 2024

Be alert to scams this festive season

Type:     

With the festive season upon us, it’s crucial to strengthen your defences against cybercrime and stay vigilant to scams.

During the busy end-of-year and peak online shopping period, our heightened online activity can make us more vulnerable to scams and cyber-attacks.

Cybercriminals often exploit this time of year, preying on people who may be more likely to respond to ‘urgent’ requests or clicking on fake websites. As we prepare for the festive season, it’s essential to be on the lookout for scams such as: Online Stores or Booking Agencies, Parcel Delivery, eCards and Charities.

 

Top tips to help protect yourself and your business this festive season:

  • Avoid clicking links in emails, SMS messages or pop-ups. Access websites directly through your web browser instead.
  • Always use an online store, booking agencies or charitable organisation that is reputable and legitimate.
  • Don’t assume that the first search result on your web browser is the real website.
  • Don’t rely on the contact details or website address provided in a suspicious call, email, or SMS. Confirm the legitimacy of messages through verifiable numbers.
  • Ensure automatic updates on your device are turned on and your anti-virus and anti-spyware software are up to date.

If you suspect fraud on your account or have shared financial information or transferred money as a result of a scam, please contact us straightaway. Our Customer Protection Team is available 24/7 to help you.

You can also report scams to the Australian Government’s Scamwatch.

 Business alerts

Latest alerts critical vulnerability

 Posted on 24 January 2025

Critical alert from the Australian Signals Directorate's Australian Cyber Security Centre (ASD's ACSC)

Type:  

A critical alert has been published regarding vulnerabilities affecting FortiOS & FortiProxy - Authentication bypass in Node.js websocket module.

The vulnerability may allow an unauthenticated remote attacker to gain “super-admin” privileges.

Affected versions/applications:

  • FortiOS version 7.0 - 7.0.0 through 7.0.16
  • FortiProxy version 7.0 - 7.0.0 through 7.0.19
  • FortiProxy version 7.2 - 7.2.0 through 7.2.12

It is recommended that businesses, organisations, and government entities:

  • Follow Fortinet’s published advice for affected versions.
  • Upgrade to the latest FortiOS and FortiProxy versions.
  • Investigate for potential compromise of these products, leveraging the published IOCs.
  • Monitor and investigate for suspicious activity in connected environments.

For more information, please read the Australian Cyber Security Centre’s alert: FortiOS & FortiProxy - Authentication bypass in Node.js websocket module vulnerability | Cyber.gov.au

Latest alerts scam website

 Posted on 11 December 2024

Be alert to scams this festive season

Type:     

With the festive season upon us, it’s crucial for businesses to strengthen their defences against cybercrime and for consumers to stay vigilant.

The increased use of digital tools for everyday tasks has led to a surge in cyber-attacks, impacting both individuals and businesses. During the busy end-of-year and peak online shopping period, our heightened online activity can make us more vulnerable to scams and cyber-attacks.

Cybercriminals often exploit this time of year, preying on people who may be more likely to respond to ‘urgent’ requests or click on links in emails. As businesses prepare for the festive shutdown, it’s essential to ensure that cyber resiliency plans are up-to-date and that scam awareness is heightened.

Cybersecurity is a shared responsibility, and staying vigilant is crucial. By taking these proactive steps, you can help safeguard your business, your customers, and your staff against cyber threats during the festive season and beyond.

 

Top tips to help protect yourself and your business this festive season:

  • Seek confirmation if you receive an email or phone request to change banking details from a supplier or employee. Always confirm by contacting the supplier or employee directly on a trusted contact number.
  • Turn on multi-factor authentication for all essential services such as email, bank, social media accounts and any databases holding your customer information.
  • Avoid clicking links in unsolicited emails, text messages or popups, instead access websites directly through your web browser. Take extra care at this time of year when opening Christmas eCards.
  • Set up a PayID and BPAY for your business and remove your account number and BSB from your invoice payment options.

Protect the sensitive data you share and the data your organisation creates, collects, stores and shares. Never share passwords, PINS or OTP’s (one-time passwords)

If you suspect fraud on your account or have shared financial information or transferred money as a result of a scam, please contact us straightaway. Our Customer Protection Team is available 24/7 to help you.

You can also report scams to the Australian Government’s Scamwatch.

Latest alerts critical vulnerability

 Posted on 02 December 2024

Protect Your Business from Remote Access Scams

Type:    

We are seeing a continuous rise in remote access scam attempts where cybercriminals impersonate bank representatives to gain unauthorised access to your systems. These scams may lead to significant financial losses and data breaches.

Cybercriminals often claim to be calling from a bank’s fraud department, referring to an account compromise, suspicious transaction, or online banking outage to create a sense of urgency. They may send messages that include a link to a website controlled by the scammer, where you might be prompted to enter important banking information.

Remember, ANZ will NEVER ask you to:

  • Share sensitive banking details like passwords, PIN’s, ANZ Shield codes, token codes or one-time passcodes (for payments).
  • Download software.
  • Provide access to your device.
  • Transfer money to another account.
  • Scan QR codes to verify transactions.

  • Always verify the identity of the caller. Contact your bank directly using official contact details before taking any action.
  • Always log into your internet banking through the ANZ app or our official website. Type the URL (www.anz.com.au) directly into your browser and avoid clicking on links sent to you that claim to direct you to our site.
  • Keep all software, including remote access tools, up to date with the latest security patches.
  • Review remote access capabilities within your organisation.
  • Ensure your staff are aware of phishing attempts and the risks of unsolicited remote access requests.
  • Review and strengthen payment processes in your organisation.

If you suspect fraud on your account, have shared financial information, or transferred money, please contact us immediately. Our Customer Protection Team is available 24/7 to help you.

You can also report scams to the Australian Government’s  Scamwatch and the Australian Cyber Security Centre’s ReportCyber.

View older alerts 

Important information

App Store is a service mark of Apple Inc. Google Play and the Google Play logo are trademarks of Google LLC

Top