ANZ phishing scams

digidog
Site Admin
Posts: 15014
Joined: Wed May 05, 2004 2:25 am
First Name: Alfie
Location: Otago

Post by digidog » Wed Aug 06, 2008 8:00 pm

Subject: ID#4129 Important Information Regarding Your Account
From: ANZ Internet Banking <usrdpt@anz.com>
Reply-To: usrdpt@anz.com

Dear (my email address),
We recently reviewed your account, and we suspect an unauthorized ATM based transaction. Therefore as
a preventive measure we will temporary limit your access to sensitive ANZ features. To ensure that
your account is not compromised, please login to your ANZ Internet Banking and verify your identity to
prevent deactivation.
SERVICE: ANZ Internet Banking.
What you need to do:
- Go to: ANZ Internet Banking
https://www.anz.co.nz/INETBANK/bankmain.asp
- Login to Internet Banking.
Thanks for your patience.
Sincerely,
ANZ Centre
****************************************************************************
For any inquiries, contact Customer Service.
****************************************************************************

The email came from Germany and the phishing site is hosted in Korea. I've
sent a copy to both ANZ and SpamCop.

The link goes to sehwa.net/download/st/q1.php?dig=(email address)
which refers you to the actual phishing site at gmglory.com - a Korean
site for kids.

THIS IS A LIVE PHISHING SITE
DO NOT ENTER ANY INFORMATION

Steal my money!!!

Inputting false login info then transfers you to the real ANZ site.

Post by digidog » Wed Aug 06, 2008 8:46 pm

ANZ are on the case. The phishing site is now redirecting to the real ANZ
site with a warning about hoax emails. The directory holding the phishing
site is still there.

http://gmglory.com/bbs/anz/nz/inetbank/

Foggyone
Site Admin
Posts: 9880
Joined: Sat May 22, 2004 8:16 pm
First Name: Peter
Location: Lower Hutt

Re: ANZ phishing scam - 7 Aug 08

Post by Foggyone » Fri Aug 13, 2010 12:52 am

Protect Your Account!
From: ANZ Bank <noreply@anzbank.co.nz>
To:
Date: Fri Aug 13 11:03:01 2010

Dear client,
The security system of ANZ online banking has detected unusual activity to your account. To be able to continue using your credit card and to remove all restrictions, we recommend to check your online banking account.
For direct access please follow the link bellow:

Caution - Live link

Thank you for banking with ANZ online banking, a founding sponsor of Get Safe Online.
ANZ National Bank Limited, 1997-2010
Important:
Please do not reply, this is an automated e-mail.
the link bellow (sic)

Not a very well done page!
Google, the answer to so many questions!
-----------------------------------------------------

Re: ANZ phishing scam - 7 Aug 08

Post by Foggyone » Wed Jan 12, 2011 2:03 am

Email image here.

The email has an HTML attachment with the form. Points to http://c1gw1.com/stech_web.php

Post by digidog » Sun Mar 13, 2011 5:28 am

Here's another ANZ phishing scam. Phishing email from Germany, site hosted in the US.

BEWARE: LIVE PHISHING SITE!
http://www.anz.com.nz-inetbank.bankmain ... index.html

This phishing site cleverly tests your login details with the real ANZ site and returns the
following message if you're trying to fool it.
Your customer registration number or password was incorrect, please try again.
After three incorrect logon attempts, your access will be suspended for security reasons.
I've emailed the US hosting company.

Re: ANZ phishing scams

Post by Foggyone » Sun Mar 13, 2011 7:16 am

It looks good, a total lift from the real site, except for the URL and the absence of SSL.

Re: ANZ phishing scams

Post by Foggyone » Sun Mar 13, 2011 5:49 pm

This morning the phish page shows as a web forgery in Firefox.

The page is still reachable using another browser. However clicking the login button brings up the info that the account has been suspended.

Viewing racingsims.org shows the account has been suspended. What an odd collection of results!

Post by digidog » Sun Mar 13, 2011 10:11 pm

Foggyone wrote: What an odd collection of results!
Not really. Racing sims is a small site and their hosting company will have taken them offline
until such time as security is upgraded by the site owners. I'd like to think that my email
played a small part in that process.
;-)

Post by digidog » Sun Mar 20, 2011 1:27 am

Another ANZ phishing scam surfaces. The link in the email redirects to another site.
Beware, both of these are live phishing links.

Email link:
http://anz.com.nz-inetbank.bankmain.asp ... dings.com/

Ironically this site is specifically for Jehovah's Witnesses.

Phishing site:
http://anz.com.nz-inetbank.bankmain.asp ... usion.com/

Re: ANZ phishing scams

Post by Foggyone » Sun Mar 20, 2011 3:15 am

Ironically, the second site hold themselves out to be internet gurus, specialising in SEO & website design. That apparently doesn't extend to website security.

Re: ANZ phishing scams

Post by Foggyone » Sun Mar 20, 2011 7:30 pm

The two sites above are both flagged as web forgeries. However, anyone using a browser that does not report this (such as Konqueror in Linux) does not see a warning, and the sites will collect logins.

There is built in login checking, by the looks of the results I got.

Anyone using an old or incomplete browser to login to a Bank site needs to be taken out and shot!

Post by digidog » Fri May 27, 2011 8:07 am

I've just received two ANZ phishing scams that lead to a very convincing site.

Caution: LIVE phishing site
http://anz.com.inetbanlogin.verifyaccou ... swara.com/

It's being hosted on an Indonesian site.
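
The emails reported in this thread rely on two link tricks: visible link text that shows the real bank address while the link goes elsewhere (the first post), and hostnames that start with the bank's domain but belong to an unrelated site (the 2011 posts). The following is an added example, not part of the original posts, that flags both in an HTML email body; the trusted-domain list is an assumption, and the sample HTML with its example.net / example.com hosts is constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: domains the bank really uses; replace with your own allow-list.
TRUSTED = ("anz.co.nz", "anz.com")

def host_of(url):
    """Lower-cased hostname of a URL, tolerating a missing scheme."""
    url = url.strip()
    return (urlsplit(url if "://" in url else "http://" + url).hostname or "").lower()

def is_trusted(host):
    """True only for a trusted domain itself or a real subdomain of it."""
    return any(host == d or host.endswith("." + d) for d in TRUSTED)

class LinkCollector(HTMLParser):
    """Collect (visible text, href) for every <a> element that has an href."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def audit(html):
    """Return (href, reason) for each link that misleads about its target."""
    collector = LinkCollector()
    collector.feed(html)
    findings = []
    for text, href in collector.links:
        target = host_of(href)
        # Visible text counts as a URL only when it looks like one.
        shown = host_of(text) if "." in text and " " not in text else ""
        if shown and shown != target:
            findings.append((href, f"text shows {shown}, link goes to {target}"))
        elif any(d in target for d in TRUSTED) and not is_trusted(target):
            findings.append((href, f"{target} embeds a bank domain but is not under it"))
    return findings

# Constructed sample; the example.net / example.com hosts are placeholders.
SAMPLE = ('<a href="http://redirect.example.net/q1.php?dig=user">'
          'https://www.anz.co.nz/INETBANK/bankmain.asp</a> '
          '<a href="http://anz.com.nz-inetbank.bankmain.asp.example.com/">Log on</a>')
```

Calling `audit(SAMPLE)` returns one finding per link: the first for the text/target mismatch, the second for the embedded bank domain.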

A Different Hook

Post by Foggyone » Wed Dec 07, 2011 6:06 pm

Your Secure Messages Center has 1 new message
From: ANZ <security@onlineupdate.com>
To: [Deleted]
Date: Tue Dec  6 15:36:44 2011

Anz Bank

We'd like to inform you that your Secure Messages Center has 1 new message.
Please login to your Online Banking and visit the Secure Message Center section in order to
read the message.

Log On to Online Banking.

(The Message Center contains only important information about your account and online banking.)

Copyright Australia and New Zealand Banking Group Limited ABN 11 005 357 522, 1996-2011.
ANZ's colour blue is a trade mark of ANZ.

A different approach. Also, this phish was aimed at our office by being correctly addressed (not to undisclosed recipients).
Originated out of Germany.

Post by digidog » Sun Dec 18, 2011 7:42 pm

ANZ has disabled parts of its online account services after a security flaw was discovered today that exposed customers'
personal banking details through electronic statements. The problem may take weeks to fix.

Customers of the bank will not be able to download electronic statements from their accounts until the bank repairs a
function that allowed those statements to be recovered by anyone who accessed a web browsers’ history.

Until further notice, ANZ customers who receive electronic statements will now receive them in the mail.

http://www.smh.com.au/business/security ... 1ow7g.html
