Mobile phone users are being warned of a new SMS phishing scam, where victims are redirected to fake Australian banking websites then fleeced of their private login details.
The scam is quite sophisticated, using genuine-looking web addresses and employing website design that looks as if it’s the real thing.
Potential targets are sent a short text message (SMS) containing a legitimate-looking link that appears to come from a genuine banking institution. The link, when clicked, directs them to a fake website such as the one pictured above. Duped customers are then encouraged to enter private banking login details, which are captured by the criminals.
According to the ACMA warning, “It appears that the criminals behind this campaign are constantly refining their messages and the associated fake imitation banking websites to increase their chance of success. In the fake ANZ mobile banking website scam, you can see how they have even used a fake ‘loading’ page to simulate standard mobile banking transactions.”
The only obvious giveaways are the URLs (web addresses), which, although similar, can still be recognised as false addresses. ACMA has released some sample text messages with URLs of which you should be aware. The ones listed below are targeting ANZ customers:
- Account notification: hXXp://m.anzmobilebank. com/
- Account notification: Verify your identity hXXp://m.anzmobilebank. com/
- Account Notification: hXXp://anz-notification. Com
- Account Notification: hXXp://mobile-anz. Info
- Dear ANZ Customer, Notification: hXXp://anz-mobile. Center
- Internal message received: hXXp:/anzmobilebank. com
- Notification: hXXp://anz-mobile. Center
- Verify your identity: hXXp:/anzmobilebank. com
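The URL check that exposes these messages can be automated when triaging reported SMS. The Python below is an added example, not part of the ACMA warning: it pulls the link out of each message (including the defanged `hXXp` form used in the list) and compares the host against an allowlist. The allowlist entries `anz.com` and `anz.com.au`, the two comparison messages and all function names are assumptions made for the illustration.

```python
import re

# Assumption: these stand in for the bank's genuine domains (not listed on the page).
LEGIT_DOMAINS = {"anz.com", "anz.com.au"}
BRAND = "anz"

# Accepts http/https and the defanged hXXp form, one or two slashes, and a
# stray space after a dot, as the sample messages are written.
URL_RE = re.compile(r"h(?:tt|xx)ps?:/+\s*([a-z0-9-]+(?:\.\s?[a-z0-9-]+)+)", re.I)


def extract_hosts(sms):
    """Return the normalised host of every link found in an SMS body."""
    return [re.sub(r"\s+", "", h).lower() for h in URL_RE.findall(sms)]


def classify_host(host):
    """Label a host as legitimate, lookalike or unrelated."""
    # Exact match or true subdomain only; "anz.com.login.example" must not pass.
    if any(host == d or host.endswith("." + d) for d in LEGIT_DOMAINS):
        return "legitimate"
    # Brand string used anywhere in a host the bank does not own.
    if BRAND in host:
        return "lookalike"
    return "unrelated"


def triage(sms):
    """Return (host, verdict) pairs for every link in the message."""
    return [(h, classify_host(h)) for h in extract_hosts(sms)]


SAMPLES = [
    # From the list above
    "Account notification: Verify your identity hXXp://m.anzmobilebank. com/",
    "Account Notification: hXXp://mobile-anz. Info",
    "Dear ANZ Customer, Notification: hXXp://anz-mobile. Center",
    "Internal message received: hXXp:/anzmobilebank. com",
    # Constructed for comparison
    "Your statement is ready: https://www.anz.com/",
    "Security alert: hXXp://anz.com.login.example/",
]

if __name__ == "__main__":
    for sms in SAMPLES:
        for host, verdict in triage(sms):
            print(f"{verdict:<10} {host}")
```

The brand match is a plain substring test, so it will also flag unrelated hosts that happen to contain the same letters; treat a "lookalike" verdict as a prompt for manual review.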
Targeted banks included in the scam are ANZ, Bank of Queensland, Bendigo, GE Money, Heritage, Macquarie, National Australia Bank, St George and Suncorp, with more institutions being progressively targeted.
ACMA’s useful tips to help you stay protected
To help minimise your chances of being duped by these and other phishing campaigns, we recommend that you:
- don’t open SMS or emails from unknown or suspicious sources
- don’t click on any of the links contained in these messages
- always carefully check the authenticity of a website that requests your user credentials
- never reuse the same password when you log in to websites
- where available, use two-factor authentication on your accounts.
If you or someone you know has been sent a scam text message, please notify ACMA on 0429 999 888.
Read more at the Australian Communications and Media Authority website