Two-factor authentication prevents this type of fraud

Oct 13, 2014 15:11 GMT

Customers of the ANZ Bank in Australia and New Zealand are being tricked into providing their online banking credentials through a fake notification claiming that their accounts need to be re-confirmed.

Following the standard pattern, the malicious emails create a sense of urgency by informing the recipient that less than 24 hours are available for sending the details to the bank.

For convenience, a link is provided in the message, pointing to a fraudulent version of the bank’s log-in page.

Users falling victim to this trap are redirected to the original website after trying to access their banking account through the fake page. Hoax-Slayer notes that this redirect may be intended to deceive users into believing that the procedure went as it should; this would keep them from reporting the fraud, extending the lifespan of the malicious campaign.

However, by the time they catch on to the scam, the credentials have already been sent to the cybercriminals, who can pilfer the bank account if two-factor authentication (2FA) has not been enabled through the Security Device offered by the bank.

It is highly recommended to use additional forms of authentication, aside from the client number/username and the password. 2FA is a supplemental form of ownership validation that is more difficult to compromise, especially when a physical token, and not a mobile device, is used.