November 2016 – Software download scam

We are aware that some ANZ customers have been called by fraudsters claiming to be from ANZ.  Customers are asked to download software and then log-on to Internet Banking. This software may allow the fraudster to remotely access your computer and obtain log in details and then later steal funds.

If you receive a call from someone claiming to be from ANZ, ask for proof of their association with ANZ or call ANZ for verification (on a number from the ANZ website) and never provide your personal and financial details. Most importantly, do not install any software that you are not familiar with.

Remember;

  • We will NEVER ask you for your ANZ Internet Banking password or your goMoney PIN.
  • We will NEVER ask you to download any software onto your computer
  • We will NEVER ask you to grant us remote access to your computer
  • If you are not sure, ask for the caller’s details and call ANZ to verify the caller
  • Never give out your personal or financial details

If you receive a call from someone asking for your personal or financial details, end the call and notify the ANZ Internet Banking team on 0800 269 296 (international +64 4 470 3142) or you can report a hoax or suspicious email online.

 

September 2016 - Investment scammers

Investment scammers often purport to be from reputable companies like banks and government agencies in an attempt to gain your trust. Please be vigilant when people call or knock at your door offering investment opportunities – ask for ID to prove their association with the organisation they represent, call that company for verification, and never provide your personal or financial details.

For more information about investment scams and how to protect yourself, please visit the Financial Markets Authority website at http://fma.govt.nz/consumers/avoid-scams/steps-to-protect-yourself/

May 2016 – Invoice scam impacting the building industry

ANZ has been made aware of a scam that is currently targeting the building/construction industry.

Fraudsters are gaining access to builder’s email accounts and are altering bank account numbers on invoices and then sending them to the builder’s client. The client pays what they believe to be a legitimate invoice, but it is really going to a bank account controlled by the fraudsters and is usually withdrawn before the fraud is noticed.

If you are paying invoices Netsafe provide the following tips:

  • Examine email sender details carefully, watching for similar domain names or characters that have been swapped for other letters;
  • Forward email responses instead of hitting ‘reply’ so you can type out the genuine email address for a supplier you communicate with;
  • Ensure staff handling payments are trained to recognise suspicious emails;
  • Put in place a ‘two person rule’ around signing off transactions and set transfer thresholds;
  • Confirm new invoice details with suppliers using a phone number known to you, not the one on a suspicious invoice.

If you are issuing invoices the following tips from Connect Smart may be useful to help prevent your email account being compromised:

  • Install adequate firewalls
  • Keep your anti-virus software up to date
  • Ensure your operating software is up to date
  • Use strong or complex passwords (by including a range of upper and lower case letters, numbers and punctuation), particularly for your email and online banking
  • Change these passwords regularly

Remember: The bank account name and number cannot be matched or checked when processing payments.  There can be a legitimate bank account name, and an incorrect account number, so it is very important to check the bank account number is correct.

Further information can be found at the websites below:

What else can you do to protect your banking?

If you receive an email requesting you to re-register or re-enter sensitive details, delete it immediately and notify the ANZ Internet Banking team on 0800 269 296 (international +64 4 470 3142) or you can Report a hoax or suspicious email online.

 


April 2016 – “Your payment was declined” email phishing scam

We are aware that customers are being targeted with a phishing email scheme with the subject line “Your payment was declined”. The email advises that an online payment has been declined and as a result, the customer’s card has been deactivated. Customers are then advised to call a phone number to reactivate their cards.

If you get an email of this kind, delete the email immediately.  Do not call the number or provide any information.

If you have inadvertently called the number and provided your details, please call us immediately on 0800 269 296.

An example of the phishing email is below:

email scam

 


March 2016 - Android Mobile Banking Malware Scam

We are aware of reports about active malware that has the potential to steal mobile banking credentials on Android devices and divert text messages containing two-factor authentication. We understand that to become infected Android owners must override the default security option and accept apps from unknown sources.

Remember:

  • ANZ goMoney has high levels of encryption and each instance of goMoney is specific to that particular device ANZ takes the security of its customers, staff and services very seriously and monitors 24/7 for any threats. If you believe your Android phone has been compromised please call 0800 368 524 or Intl: +64 4 473 0370.
  • In the unlikely event where fraud does occur, customers will be fully reimbursed provided they haven’t contributed to the loss.

How can you keep your mobile safe:

  • Only install software from the Google Play store or a trusted source
  • Avoid installing any software you are not familiar with
  • Don’t adjust the default security setting in the device to install software
  • Use Antivirus software.

What do you need to do if you believe your details have been compromised?

  • Go to Android Settings > Security and ensure that Unknown Sources is NOT ticked
    • If Unknown Sources is NOT ticked, it is very unlikely to have the malware on your device
  • If Unknown Sources is ticked, go to Android Settings > Security > Device Administration > Flash Player > Deactivate (ignoring the message box that alerts to all data being lost)

Flash player settings - Android

What does the fake log in screen look like?

Fake login screen

  • Ensure you are logging in to goMoney using the legitimate log in screen. If you’re unsure, follow the steps above or call us on 0800 368 524 or Intl: +64 4 473 0370.


 


February 2016 – Internet Online Banking - email phishing scam

We are aware that customers are being targeted with a phishing email scheme using an ANZ email template.

A link is provided to verify customer’s identity and update information – this link leads to a phishing site where customers are asked to provide their Internet Banking credentials.

If you get an email of this kind, under no circumstances should you click on any links or reply to the email. Delete the email immediately.

If you have clicked on the links in the email and have provided your Internet Banking credentials, call us immediately on 0800 269 296.

Remember,  

  • We will NEVER send you any emails including attachments or ask you to click a link through to ANZ Internet Banking.
  • Always log on to ANZ Internet Banking by typing www.anz.co.nz into the address bar, rather than following links to the ANZ website.
  • Please delete any emails that advise otherwise.

For more information on banking safely online, read our internet protection tips.

An example of the phishing email is below:

phishing screenshot

October 2015 – ANZ FastPay email phishing scam

We are aware that customers are being targeted with a phishing email scheme using an ANZ FastPay email template.

  • In the email, customers are asked to view a PDF attachment
  • When the PDF is opened, customers are alerted that their Adobe Reader is out of date
  • A link is provided to update the software – this link leads to a phishing site where customers are asked to provide their Internet Banking credentials

If you get an email of this kind, under no circumstances should you click on any links, reply to the email or download any attachments. Delete the email immediately.

If you have clicked on the links in the email and have provided your Internet Banking credentials, call us immediately on 0800 269 249.

An example of the phishing campaign is below:

FastPay email template

Adobe upgrade image

October 2015 - Facebook mobile phone promotion

IMPORTANT: We have recently received reports of a promotion on Facebook that advertises a high end mobile phone for $1, which then leads to further charges being applied to a nominated credit card after a short trial period has expired.

We recommend that you always carefully read the T&C's when making purchases online - particularly when they appear 'too good to be true'.

If you are concerned that you may have been affected then please contact the website to cancel your subscription. We recommend you do this as soon as possible. If you are an ANZ customer and have charges that you believe are unauthorised which you have not been able to resolve with the website you can follow our disputes and chargeback process

July 2015 – “Statement of Account” – email phishing scam

We are aware that customers are being targeted with a phishing email scheme – “Statement of Account”. The email includes an attachment which if opened potentially contains a malicious virus that could look to expose private login information.

If you get an email of this kind, under no circumstances should you click on any links, reply to the email or download any attachments.

Remember,  

  • We will NEVER send you any emails including attachments or ask you to click a link through to ANZ Internet Banking. 
  • Always log on to ANZ Internet Banking by typing www.anz.co.nz into the address bar, rather than following links to the ANZ website. 
  • Please delete any emails that advise otherwise.

For more information on banking safely online, read our internet protection tips. If you have any concerns, please contact us on 0800 269 296.

An example of the phishing email is below:

Example of phishing email

 

July 2015 - "Your ANZ Credit Card has been deactivated" - text message phishing scam

We are aware that customers are being targeted with a phishing text scheme – “Your ANZ Credit Card has been deactivated". The text message includes an link that takes you to a ‘phishing’ site that looks very similar to the authentic ANZ Internet Banking Log on page.

If you get an text message of this kind, under no circumstances should you click on any links or reply to the text. Please also delete the message immediately.

Remember,

  • We will NEVER send you any text messages including a link through to ANZ Internet Banking. 
  • Always log on to ANZ Internet Banking by typing www.anz.co.nz into the address bar, rather than following links to the ANZ website. 
  • Please delete any text that advise otherwise.

For more information on banking safely online, read our internet protection tips. If you have any concerns, please contact us on 0800 269 296.

An example of the phishing text message is below:

Example of Text Message Scam

 

March 2015 – “Payment Notification” - e-mail phishing scam

We are aware that customers are being targeted with a phishing email scheme – “Payment Notification”. The email includes an attachment that takes you to a ‘phishing’ site that looks very similar to the authentic ANZ Internet Banking Log on page.

If you get an email of this kind, under no circumstances should you click on any links, reply to the email or download any attachments.

Remember,  

  • We will NEVER send you any emails including attachments or ask you to click a link through to ANZ Internet Banking. 
  • Always log on to ANZ Internet Banking by typing www.anz.co.nz into the address bar, rather than following links to the ANZ website. 
  • Please delete any emails that advise otherwise.

For more information on banking safely online, read our internet protection tips. If you have any concerns, please contact us on 0800 269 296.

An example of the phishing email is below:

Payment Notification

March 2015 - "Your Account Statement Made Easy" - e-mail phishing scam

ANZ is aware that customers are being targeted with an email phishing scheme- "Your Account Statement Made Easy". The email includes an attachment and requests you to download the attachment and log on to ANZ Internet Banking.

If you get an email of this kind, under no circumstances should you click on any links, reply to the email or download any attachments.

An example of the hoax email is below.

ANZ