Mobile phone users in both Australia and New Zealand are being targeted by a new, high-tech and persistent SMS phishing campaign. The Australian Communications and Media Authority (ACMA) warns that the campaign is aimed at mobile banking customers.
Targeted customers receive very concise SMS messages. Each message includes a URL that directs the customer to a rogue mobile banking website. It is quite hard for the customer to tell the rogue website from the genuine one.
The attackers use internet domains that closely resemble the legitimate ones used by Australian and New Zealand banks. The criminals use each of these domains for only a short while and then replace it with another convenient domain.
Some of the SMS messages used by the phishing criminals:
- Notification: hXXp: //anz-mobile. Center
- Verify your identity: hXXp:/anzmobilebank. Com
- Dear ANZ Customer, Notification: hXXp: //anz-mobile. Center
- Account notification: hXXp://m.anzmobilebank. Com
- Account notification: Verify your identity hXXp://m.anzmobilebank. Com/
- Account Notification: hXXp: //mobile-anz. Info
- Internet message received: hXXp:/anzmobilebank. Com
Once the customer clicks on the link, they are redirected to a rogue website made up of several web pages.
ACMA warns that a majority of banks in Australia and New Zealand are now targets of these rapidly evolving cyber attacks. To increase their chance of success, these sophisticated attackers frequently change the messages and the URLs.
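Because the domains rotate, a blocklist of exact hostnames goes stale quickly; a filter that keys on the brand string and an allowlist of genuine domains keeps working. The following is an added example, not part of the original advisory: it parses the defanged links in the SMS samples listed above and flags hosts that carry the bank's name but are not on the allowlist. The allowlist, the brand token and the last two sample messages are assumptions constructed for illustration.

```python
import re

# Assumption: the defender's own allowlist of the bank's genuine domains.
LEGIT_DOMAINS = {"anz.com", "anz.com.au", "anz.co.nz"}
# Assumption: brand strings worth watching for inside hostnames.
BRAND_TOKENS = {"anz"}

# Accepts plain and defanged schemes (http, https, hXXp), one or two slashes,
# and stray spaces after ":" and after dots, as seen in the reported messages.
URL_RE = re.compile(
    r"h(?:tt|xx)ps?\s*:\s*/{1,2}\s*([a-z0-9-]+(?:\.\s*[a-z0-9-]+)+)",
    re.IGNORECASE,
)

def extract_hosts(sms):
    """Return normalised hostnames from plain or defanged links in an SMS."""
    return [re.sub(r"\s+", "", h).lower() for h in URL_RE.findall(sms)]

def classify(host):
    """legitimate: on the allowlist; lookalike: brand in name, not allowlisted."""
    if any(host == d or host.endswith("." + d) for d in LEGIT_DOMAINS):
        return "legitimate"
    # Heuristic: brand token at the start or end of a dot/hyphen-separated label.
    labels = re.split(r"[.-]", host)
    if any(l.startswith(t) or l.endswith(t) for l in labels for t in BRAND_TOKENS):
        return "lookalike"
    return "unknown"

def triage(sms):
    return [(host, classify(host)) for host in extract_hosts(sms)]

SAMPLES = [
    "Notification: hXXp: //anz-mobile. Center",               # from the advisory
    "Verify your identity: hXXp:/anzmobilebank. Com",         # from the advisory
    "Account notification: hXXp://m.anzmobilebank. Com",      # from the advisory
    "Account Notification: hXXp: //mobile-anz. Info",         # from the advisory
    "Your statement is ready: https://www.anz.com.au/",       # constructed
    "Parcel update: http://example.org/track",                # constructed
]

if __name__ == "__main__":
    for sms in SAMPLES:
        print(triage(sms), "<-", sms)
```

The brand-token check is a triage heuristic: it will also flag unrelated names that happen to begin or end with the token, so matches should be reviewed rather than blocked blindly.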
How you can stay safe
Stay Smart Online and ACMA recommend that bank customers take the following precautions to reduce the chance of falling prey to this phishing campaign:
- Whenever you receive a message or email similar to the ones above, don’t open it.
- Don’t click on the URLs in these messages or emails.
- Be vigilant and wary of a website that asks you for your personal information or asks you to verify it.
- Use different log-in details for different online accounts. Separate log-in credentials for your social media accounts from those for bank accounts.
- If possible, always enable two-factor authentication on all of your online accounts.