SMS scam: ACMA issues warning over sophisticated bank scam

Mobile phone users are being warned of a highly sophisticated SMS phishing scam.

criminal taking money from an older lady

Mobile phone users are being warned of a new SMS phishing scam, where victims are redirected to fake Australian banking websites then fleeced of their private login details.

The scam is quite sophisticated, using genuine-looking web addresses and employing website design that looks as if it’s the real thing.

anz mobile banking scam screenshot

Potential targets are sent a short text message (SMS) with a legitimate looking link from a genuine banking institution. The SMS, when clicked, directs them to a fake website such as the one pictured above. Duped customers are then encouraged to enter private banking login details which are captured by crafty criminals. 

According to the ACMA warning, “It appears that the criminals behind this campaign are constantly refining their messages and the associated fake imitation banking websites to increase their chance of success. In the fake ANZ mobile banking website scam, you can see how they have even used a fake ‘loading’ page to simulate standard mobile banking transactions.”

The only obvious giveaways are the URLs (web addresses), which, although similar, can still be recognised as false addresses. ACMA has released some sample text messages with URLs of which you should be aware. The ones listed below are targeting ANZ customers:

  • Account notification: hXXp://m.anzmobilebank. com/
  • Account notification: Verify your identity hXXp://m.anzmobilebank. com/
  • Account Notification: hXXp://anz-notification. Com
  • Account Notification: hXXp://mobile-anz. Info
  • Dear ANZ Customer, Notification: hXXp://anz-mobile. Center
  • Internal message received: hXXp:/anzmobilebank. com
  • Notification: hXXp://anz-mobile. Center
  • Verify your identity: hXXp:/anzmobilebank. com

Targeted banks included in the scam are ANZ, Bank of Queensland, Bendigo, GE Money, Heritage, Macquarie, National Australia Bank, St George and Suncorp, with more institutions being progressively targeted.

ACMA’s useful tips to help you stay protected

To help minimise your chances of being duped by these and other phishing campaigns, we recommend that you: 

  • don't open SMS or emails from unknown or suspicious sources
  • don’t click on any of the links contained in these messages
  • always carefully check the authenticity of a website that requests your user credentials
  • never reuse the same password when you login to websites
  • where available, use two-factor authentication on your accounts.

If you or someone you know has been sent a scam text message, please notify ACMA on 0429 999 888.

Read more at the Australian Communications and Media Authority website

RELATED ARTICLES





    COMMENTS

    To make a comment, please register or login
    Brue
    12th Feb 2016
    10:50am
    If you get this fake message. Put in an incorrect account number and incorrect password. If it is a genuine bank it will tell you that the information you entered is incorrect. If it is a fake ,it will accept your input thinking that is the correct infomation . The false information won't get them any where. Better still delete the message but that spoils your fun in fooling them.
    Adrianus
    12th Feb 2016
    11:03am
    Brue that's a good way of testing the site. I had 2 SMS scams yesterday, one sent me an email asking me to open a PayPal account so he could deposit money. Provided the shortcut radio button to the supposed PayPal website.
    Lippy
    12th Feb 2016
    12:32pm
    PayPal have a email address to forward possible scams. phishing@paypal.com.au This info is also found on genuine emails from PayPal.
    World Prophet
    12th Feb 2016
    1:26pm
    Brue, what a brilliant way to check the authenticity of the sender! Absolutely brilliant!!
    Mygasheater
    12th Feb 2016
    2:06pm
    Brue

    By putting anything in and responding, you are confirming that the number is a real number, the same if responding to an email.

    These spams are sent randomly to hundreds of thousands of numbers and emails. Once the spammers get a response from your number or email they follow up with a Trojan or a virus to gather details off your phone or computer.

    You know you don't have an account with that bank so just delete the message. Do the same that advise you that you won the Euro lottery or you have been left a large amount of money by a stranger. They are scams designed to rip you off.
    PIXAPD
    12th Feb 2016
    11:00am
    BANKS do not send such requests, same with emails, it's as simple as that... WAKE UP FOLKS GET A BRAIN ....or are you going to be HALFWITS all your life ?
    Lippy
    12th Feb 2016
    12:37pm
    Hope you don't get old and struggle with what is real and what is not. You need to wake up and understand we are not all like you. If you ever get scammed, we will all be the last to know as you hide your shame. People need assistance and that is why we post helpful remarks.
    Anonymous
    12th Feb 2016
    6:14pm
    Lippy, this person (?) has no shame. Read below comments of same.
    PlanB
    4th Jun 2017
    1:36pm
    PIXAPAD, there are MANY trusting people out there that are not used to such mongrels such as we have these days and it is easy for trusting people to get scammed, I know of a lovely older bloke
    -- 96 -- that got taken in by a scam.
    Polly Esther
    12th Feb 2016
    1:00pm
    What I'd like to do to these so and so gutter crawlers is illegal.
    The thing is that anybody in this busy age can inadvertently press the 'wrong' button and hey presto these 'swine' can have control of your computer, smart phone or whatever.
    It is way past being even remotely funny.
    And no it is not at all nice to call people who may inadvertently get caught up in these rotten time wasting and exasperating 'schemes' names, for instance brainless and halfwits.
    Anyone who does so needs to be wary of how they themselves are flying, I suspect maybe too close to the radar at times, remember anyone, particularly someone very busy, can quite easily get caught out by these parasitic low lifes .
    Gra
    14th Feb 2016
    10:40am
    Polly what else would you call someone who asks a police officer for advice when they received a letter addressed to the householder telling them they had won a lottery overseas and all they had to do to claim their prize was send so much to a certain address. This person was told that it was obviously a scam and to ignore the letter.
    This person a few weeks later meets the police officer and complains that they still hadn't received their winnings.
    Now tell me, is that person not a brainless halfwit?
    PlanB
    4th Jun 2017
    1:38pm
    Gra yes I would say that such people are brainless and ALSO fueled by greed themselves
    cookie47
    12th Feb 2016
    1:01pm
    One of the tell tail signs of a scam is poorly written English particularly if originated from overseas.
    Of course this is not 100%.
    Mygasheater
    12th Feb 2016
    2:12pm
    Cookie,

    The main way to tell if it is genuine or a scam is the if it is from someone you deal with, it will address you by name not "Dear Customer".
    cookie47
    12th Feb 2016
    2:39pm
    Yes very true,Mygassheater
    HappyDaze
    12th Feb 2016
    1:28pm
    I am surprised that we are provided with a mobile number (0429 999 888) to contact ACMA. Hope this is not part of an overall elaborate scam.
    cookie47
    12th Feb 2016
    1:30pm
    Never mind lippy and Polly Esther I also was quite saddened at what pixapd had to say (whoever she or he is).Using capitals is shouting and calling us halfwits is something that would not be tolerate if said to my face.Its a pity that people think they can say anything whilst hiding behind a keyboard and wouldn't have the guts to say it face to face (very common in forums).
    With my extensive experience with computers I was nearly caught in a "you have won a million pounds" scam.Normally I would have deleted it ,but it came from London,(my birth place),an address very close to where I lived, I used Google maps to check the address and found that the number did not exist in that street
    However the English was poor and not written by a native speaker.Anyway to cut a long story short I deleted it.
    If you get something fishy it probably is.
    cookie47
    12th Feb 2016
    1:36pm
    P's,I got my nephew in the UK to check it out and he confirmed it was a scam and had been mentioned in the UK press
    PIXAPD
    12th Feb 2016
    1:38pm
    UPPER CASE is only shouting to those who do not know it is UPPER CASE. And HALFWITS will never learn that Banks and yes, even PayPal will NEVER ask for your account details.
    cookie47
    12th Feb 2016
    1:51pm
    PIXAPD,just look up Wikipedia and numerous websites that point out that capitals used in social media implies shouting.
    HALFWIT
    PIXAPD
    12th Feb 2016
    3:18pm
    OH dear cookie47 is now upset and angry, hee, hee, a common reaction of unstable individuals...... who don't seem to understand that your bank/s will NOT ask you for your account details. Some find this hard to grasp, yet over the past 10 -15 years time and time again Banks and other financial institutions have taught THEY DO NOT ask such a thing. Also upper case being 'shouting' rather than upper case, I accept that the LESSER MIND would think that.
    cookie47
    12th Feb 2016
    4:46pm
    Ha,now PIXAPD is a psychologist as well as not understand the usage of capitals in social media
    PIXAPD
    12th Feb 2016
    4:58pm
    Psychology is from Satan......
    CindyLou
    12th Feb 2016
    6:52pm
    In defence of PIXAPD I kinda agree with his/her comments. I personally don't give a hoot if something is in capitals.

    But not wanting to be unkind, but the above post from cookie47 stated word to the effect that he/she has extensive experience in computers but nearly was scammed because the alleged lottery win came from London. I'm sorry but I just not understand how anyone can be suckered in with this...if you have not bought a u.k.lottery ticket then how could you win a million pounds.
    ... Omg Sorry but that's crazy
    PIXAPD
    12th Feb 2016
    7:06pm
    CindyLou... Be very careful....you had a thought and that is a dangerous thing to do, you might get abused, ha ha ha
    CindyLou
    12th Feb 2016
    8:58pm
    PIXAPD, Sticks and stones...
    I always try to be polite in posts, however, I like to be logical, hence my post (and my frustration)

    We are not talking about rocket science with a lot of these issues eg.,
    - if you didn't buy a ticket you couldn't have won $$$
    - if you get a suspicious email don't open
    - if someone online asks for money - disconnect immediately
    - banking/money - guard all your information vigorously

    It's NOT that hard.
    Gra
    14th Feb 2016
    10:44am
    Cookie, had you bought a ticket in any lotteries in the UK? Surely if you hadn't, you couldn't have won a prize, one Pound or a million Pounds.
    One of the things scammers work on is greed, the other is naivety.
    MICK
    12th Feb 2016
    1:32pm
    And still Australian banks refuse to introduce a second layer of defence. BNZ has a card which is sent to customers where, during the login process, customers are prompted to enter 3 characters from a grid. Impossible for fraudsters to fake this unless they get this card.
    Australian banks are aware of the scammers but are not interested in spending an absolute pittance to introduce more safety, preferring instead to hang customers out to dry.
    Dinosaur
    12th Feb 2016
    4:53pm
    Have received numerous of these bogus scam emails about AAZ bank have rung the bank and they asked me to forward the emails they seem to do little or nothing to stop this happening Vigilance is the key word Brues idea is a cracker
    KSS
    12th Feb 2016
    8:23pm
    Another way to check if something is a scam is to hover your cursor (the little arrow) over the e-mail address/url. It will show up something different to what they say it is - usually a string of letters and numbers but NOT Pay Pal or ANZ etc. You may have to look at the bottom of the screen to see the fake address.
    GoldenOldie
    12th Feb 2016
    9:03pm
    I am definitely not a HALFWIT but appreciate that folk who shout at victims for being stupid may be themselves somewhat deficient, not least in compassion.
    I find it disturbing that a 'blame the victim' mentality expressed so vociferously is actually allowed airspace on this forum. I thought that Life Choices was aimed at folk who had learned both wisdom and tolerance for others over the years. My commiserations to PIXAPD (the capitals are a true representation of your signature, not an expression of anger or even rancour)
    carmencita
    14th Feb 2016
    11:16pm
    I got a similar message for my paypal account but just deleted it and changed my password after contacting paypal and being informed that it is not their email address. The same with my yahoo account upon recognising that it is not a yahoo email address.
    Daz
    14th Feb 2016
    11:27pm
    We were almost tricked recently by e-mails informing my wife that she had an extra $232 in tax refund. She needed to click on the link and was directed to her my.gov account. It was amazingly professional looking site that I couldn't tell the fake. My suspicions were raised when the website asked us to put in our CC details. We checked and even the URL was my.gov.au with a bit of extra on the end. In the end, we found the website was hosted in Vietnam. Phew! Close call and very professional looking!
    PlanB
    4th Jun 2017
    12:18pm
    I got one of these SMS on the phone this morning -- and I also got a call on the landline yesterday about my TERM DEPOSIT (with the bank I am with) but I do not have a TD -- and the voice was an Aussie girls voice --
    The scams getting way over the top of late and I often get about 7 a day of late.


    Join YOURLifeChoices, it’s free

    • Receive our daily enewsletter
    • Enter competitions
    • Comment on articles