Wednesday 17 Feb 2016 – Cyber Security Alert: Banks targeted by SMS phishing scam

This alert is based on cyber-security advice received from the ACMA: www.acma.gov.au

Mach Technology is warning all customers who use mobile phones of a persistent and sophisticated SMS phishing campaign, currently underway, that targets mobile banking customers in both Australia and New Zealand.

What Does it Look Like?

The SMS messages are short and to-the-point, containing URLs that direct the recipient to a fake mobile banking website, which is almost indistinguishable from the real thing.

The sophistication and scope of the campaign are indicated by the extensive use of internet domains that closely resemble the legitimate domains of Australian and New Zealand banks. Often these domains are active for only a very short time and are replaced shortly thereafter with another ‘plausible’ bank domain.

For example, the ACMA has received reports of SMS messages targeting ANZ bank customers as follows (note: ‘hXXp’ is used below in place of ‘http’ to disable the links):

[Image: example phishing SMS messages targeting ANZ customers]

If the URL is followed, the person targeted is taken to a fake website made up of a series of webpages. The following screenshots are examples from a current, sophisticated fake ANZ mobile banking website. You can see how legitimate each screen looks, especially as the scammers have tailored the design to reflect the ‘look’ and ‘feel’ of the ANZ bank’s branding.

[Image: screenshots of the fake ANZ mobile banking website]

Many Australian and New Zealand banks (ANZ is only an example above) are being targeted by this constantly evolving campaign.

If you have even the slightest concern that you may have inadvertently responded to one of these phishes and passed on your banking credentials or personal information to the criminals behind the campaign, we recommend that you immediately contact your financial institution to seek their advice.

Useful tips to help stay protected

To help minimise your chances of being duped by these and other phishing campaigns, we recommend that you:

  • don’t open SMS or emails from unknown or suspicious sources
  • never follow hyperlinks contained in these messages
  • always carefully check the authenticity of a website that requests your user credentials
  • never reuse the same login credentials across different web services
  • where available, use two-factor authentication on your accounts.
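
For teams that filter or triage reported messages, the authenticity check above can be partly automated. The following is an added example, not part of the original alert or ACMA advice: it restores defanged hXXp links for parsing only, then compares each hostname against an allow-list. The allow-list, the brand token and the sample messages (with `.example` placeholder hosts) are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption: allow-list of the bank's real domains, maintained by the defender.
LEGIT_DOMAINS = {"anz.com", "anz.com.au", "anz.co.nz"}
BRAND_TOKENS = {"anz"}  # assumption: brand names to watch for on other domains
# Matches normal and defanged (hXXp) URLs inside message text.
URL_RE = re.compile(r"h(?:tt|xx)ps?://[^\s<>\"']+", re.IGNORECASE)

def refang(url: str) -> str:
    """Restore a defanged URL (hXXp://, [.]) so it can be parsed, never fetched."""
    url = re.sub(r"^hxxp", "http", url, flags=re.IGNORECASE)
    return url.replace("[.]", ".")

def hostname(url: str) -> str:
    host = urlsplit(refang(url)).hostname or ""
    return host.rstrip(".").lower()

def is_legit(host: str) -> bool:
    # Match whole labels from the right; a name that only starts with a real domain fails.
    return any(host == d or host.endswith("." + d) for d in LEGIT_DOMAINS)

def classify(host: str) -> str:
    if is_legit(host):
        return "legitimate"
    if set(re.split(r"[.\-]", host)) & BRAND_TOKENS:
        return "lookalike"  # brand name on a domain the bank does not own
    return "unknown"

def scan_sms(text: str) -> list[tuple[str, str]]:
    """Return (hostname, verdict) for every URL found in an SMS body."""
    hosts = [hostname(m.group(0).rstrip(".,;:!?)")) for m in URL_RE.finditer(text)]
    return [(h, classify(h)) for h in hosts]

# Constructed sample messages; the .example hosts are placeholders, not real indicators.
SAMPLES = [
    "ANZ: your account is locked. Verify at hXXp://anz-mobile-login.example/m",
    "Security notice: hXXp://anz.com.au.verify.example/login",
    "Read our security tips at hXXps://www.anz.com.au/security.",
    "Parcel delayed, rebook: hXXp://delivery.example/r",
]

if __name__ == "__main__":
    for sms in SAMPLES:
        print(scan_sms(sms))
```

A "lookalike" verdict only means the brand name appears on a domain outside the allow-list; because the campaign's domains change quickly, the allow-list of known-good domains is the stable part of the check.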

More information

To book an appointment with our security experts to discuss strategies to protect against these and many other threats to your business, call Mach Technology on 1300-MACH-00 or Contact Us via this website.