The ACMA

Cybersecurity

10 February, 2016
09:47 AM

Banks targeted by SMS phishing scam

By Editor

We are warning all mobile phone users of a persistent and sophisticated SMS phishing campaign currently underway that is targeting mobile banking customers in both Australia and New Zealand.

The SMS messages are short and to-the-point, containing URLs that direct the recipient to a fake mobile banking website, which is almost indistinguishable from the real thing.

The sophistication and scope of the campaign are indicated by the extensive use of internet domains that closely resemble the legitimate domains of Australian and New Zealand banks. Often these domains will be active for only a very short time before being replaced with another ‘plausible’ bank domain.

For example, the ACMA has received reports of SMS messages targeting ANZ bank customers as follows:*

>        Account notification: hXXp://m.anzmobilebank. com/

>        Account notification: Verify your identity hXXp://m.anzmobilebank. com/

>        Account Notification: hXXp://anz-notification. Com

>        Account Notification: hXXp://mobile-anz. Info

>        Dear ANZ Customer, Notification: hXXp://anz-mobile. Center

>        Internal message received: hXXp:/anzmobilebank. com

>        Notification: hXXp://anz-mobile. Center

>        Verify your identity: hXXp:/anzmobilebank. com

If the URL is followed, the customer is taken to a fake website that presents a series of webpages.
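
The lookalike domains in the reports above lend themselves to automated triage. This added example (not ACMA code) parses reports in the defanged form shown above and flags hosts that embed or nearly spell a bank's name without belonging to its genuine domain. The `LEGIT` allowlist, the function names, the 0.8 similarity threshold and the two control messages are assumptions made for illustration.

```python
import re
from difflib import SequenceMatcher

# Assumption: genuine registrable domains per brand (illustrative allowlist,
# not taken from the post; a real deployment would use the banks' own lists).
LEGIT = {"anz": {"anz.com", "anz.com.au"}, "nab": {"nab.com.au"}}

# Tolerates the post's defanging: "hXXp", one or two slashes, and a space
# before the TLD. That tolerance can over-read ordinary prose after a full stop.
URL_RE = re.compile(r"h(?:xx|tt)ps?:/{1,2}([a-z0-9.-]+)\.\s*([a-z]{2,})", re.I)

def extract_host(sms):
    """Return the lower-cased host of the first URL in an SMS report, or None."""
    m = URL_RE.search(sms)
    return f"{m.group(1)}.{m.group(2)}".lower() if m else None

def classify(sms):
    """Return (verdict, host); verdict is a triage signal, not proof of fraud."""
    host = extract_host(sms)
    if host is None:
        return ("no-url", None)
    for domains in LEGIT.values():
        if any(host == d or host.endswith("." + d) for d in domains):
            return ("legitimate", host)
    tokens = [t for t in re.split(r"[.-]", host) if t]
    for brand in LEGIT:
        # Brand embedded in a label ("anzmobilebank") or a near-miss spelling.
        if any(brand in t or SequenceMatcher(None, brand, t).ratio() >= 0.8
               for t in tokens):
            return ("lookalike:" + brand, host)
    return ("unbranded", host)

# The first three reports use the format shown above; the last two are
# constructed controls that do not appear in the post.
REPORTS = [
    "Account notification: hXXp://m.anzmobilebank. com/",
    "Account Notification: hXXp://mobile-anz. Info",
    "Internal message received: hXXp:/anzmobilebank. com",
    "Your statement is ready: https://www.anz.com/",
    "Running late, see you at 6",
]

if __name__ == "__main__":
    for sms in REPORTS:
        print(classify(sms), "<-", sms)
```

Short brand names match inside unrelated words, so a `lookalike` verdict should queue the report for review rather than trigger an automatic block.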

The following screenshots are examples of a current and sophisticated fake ANZ mobile banking website scam. You can see how legitimate each screen looks, especially as the criminals have tried to tailor the design to reflect the ‘look’ and ‘feel’ of ANZ’s branding.

[Image: ANZ mobile banking scam screenshot]

Many Australian and New Zealand banks are being targeted by this constantly evolving campaign.

It appears that the criminals behind this campaign are constantly refining their messages and the associated imitation banking websites to increase their chance of success. In the fake ANZ mobile banking website scam, you can see how they have even used a fake ‘loading’ page to simulate standard mobile banking transactions.

We have direct evidence of the extent of the current SMS phishing campaign, thanks to Australian consumers who have received these SMS messages and reported them to our SMS spam reporting number, 0429 999 888. These reports have also enabled us to assess how the technical aspects of the campaign are evolving and how the criminals are progressively targeting different Australian banks. The current list of unique SMS phishes related to this campaign is at the end of this blog.

If you have even the slightest concern that you may have inadvertently responded to one of these phishes and passed on your banking credentials or personal information to the criminals behind the campaign, we recommend that you immediately contact your financial institution to seek their advice. We also recommend that you report the incident to the government’s Australian Cybercrime Online Reporting Network.

Useful tips to help stay protected

To help minimise your chances of being duped by these and other phishing campaigns, we recommend that you:  

>             don’t open SMS or emails from unknown or suspicious sources

>             never follow hyperlinks contained in these messages

>             always carefully check the authenticity of a website that requests your user credentials

>             never reuse the same login credentials on any web service

>             where available, use two-factor authentication on your accounts.

We encourage all Australian consumers to forward any suspicious or spam-related SMS messages to our hotline on 0429 999 888.

More information

Visit the Australian Government’s Stay Smart Online website to help educate yourself on the ways you can avoid having your personal information compromised.  

Subscribe to our Cybersecurity news to keep up-to-date with the latest trends from the Australian Internet Security Initiative (AISI). This has a particular focus on malware, phishing and botnet activities.

We also provide statistical information on our other cyber security activities, with detailed trend data on malware reports and service vulnerabilities currently being reported through our AISI program.

SMS messages reported to the ACMA associated with this phishing campaign

You can find a full list of all the SMS messages targeting Australian financial institutions that have been reported to us by Australian consumers below.

We have reported all these SMS messages to each of the affected financial institutions.

*We have slightly altered the original URLs to protect against inadvertent use of these links.

Comments
  • Maureen Hunt

    12/02/2016 12:33:20 PM

    I received a link on my mobile yesterday at 2:15pm, it read:
    Notification: http://www.nabmobile.mobi
    
    I did not click on link but I have entered the URL on the internet and an internet banking Login page appeared:
    
    ________________________________________________________________________
    Welcome to NAB Internet Banking on your mobile. Full version.
    NAB ID
    
    PASSWORD
    
    Login
    
    Forgot your password?
    
    Register for NAB Internet Banking
    
    Security 
    
    Terms of use
    
    Help
    _____________________________________________________________________
    
    I deleted the text.
    
    It may not be a scam but I have no reason for NAB to be contacting me.
    
    Cheers
    Maureen
  • Phillip Daddy

    24/03/2016 2:38:54 PM

    I am not a customer but today I received the following Phishing SMS :
    
    "ANZ Account Locked.
    
    Click the button below to unlock your account http://inetbank.annz.com.au"
    
    • In reply to Phillip Daddy

      The ACMA

      31/03/2016 11:10:09 AM

      Hi Phillip, well done on spotting the fake URL. Delete the SMS immediately!
  • Catherine

    31/03/2016 12:07:06 PM

    I have received a text from Westpac +61447125396 saying I had received a notification with the following link,
    http://westpac-mobile.net
    
    I am not a Westpac customer so I suspect it is a scam, regards Catherine
    • In reply to Catherine

      The ACMA

      1/04/2016 11:17:23 AM

      Hi Catherine, good call to be careful, especially when you're not a customer! 
  • Alan Tolliday

    5/04/2016 8:49:18 AM

    I have this morning at 6am received a SMS containing the following URL 
    
    http://westpac-mobi.net. 
    
    As I don't have any accounts with Westpac, I deleted the SMS. 
    
    I tried to check the URL on the net and Google Chrome blocked the site as unsafe. I Googled the URL name which led me to this site, i.e. confirming what I thought, the SMS is a phishing scam.
    
    Regards
    
    Alan 
  • Sharon Blennerhassett

    5/04/2016 11:17:27 AM

    I received a text from +1 844 710 5809 this morning telling me my Westpac account was ready to be viewed........I don't have an account with this bank. http://westpac-mobile.net 
    I didn't open it just deleted it.
  • Jeremy Apps

    12/04/2016 3:29:38 PM

    Hi, 
    
    Just reporting an SMS phishing attempt I just received on my work mobile:
    
    ---
    FROM: +61 476 929 269
    ----
    GrowbyANZ
    E*TRADE customers can now trade on the go. Track your portfolio and tap to buy, sell or modify your order using the Grow by ANZ app. Download at link:anz.co/10vNqG
    ----
    
    Not an ANZ customer.
    
    Cheers,
    Jeremy
    
  • The ACMA

    13/04/2016 8:19:11 AM

    A reminder that the Stay Smart Online Alert Service is a free service for Australian internet users, to explain recent online threats and how they can be managed.
    Click here to sign up to the alert service: https://www.communications.gov.au/what-we-do/internet/stay-smart-online/alert-service
  • John HUNT

    4/05/2016 7:47:21 PM

    I have received 3 of these in the last week. 
     1) 28/04 at 7:31. Your statement is ready http://anz-mobi.net/ from +61428482059
     2) 04/05 at 6:05. Account Update http://www.bankaust.net from +61429136650
     3) 04/05 at 7:58. Balance update http://www.bendigo-mobile.net from +61437581767
    I do not have accounts with any of these organisations.
  • Ming Liu

    30/05/2016 12:46:24 PM

    Got an SMS from 0427 659 225, very bad one.
    
    Dear ANZ bank Customer,
    
    We have detected some unusual activity, We urgently ask you to follow the account review link: http://bit.do/b3WtX
    