
Sophisticated SMS cyber attack targets Australian banking customers

A persistent and sophisticated SMS phishing campaign is currently targeting mobile banking customers in both Australia and New Zealand, according to a warning released by the Australian Communications and Media Authority (ACMA).

ACMA says the SMS messages are short and to-the-point, containing URLs that direct the recipient to a fake mobile banking website, which is almost indistinguishable from the real site.

The sophistication and scope of the campaign are indicated by the extensive use of internet domains that closely resemble the legitimate domains of Australian and New Zealand banks. Often these domains will be active for only a very short time before being replaced with another ‘plausible’ bank domain, says ACMA.

For example, the ACMA has received reports of SMS targeting ANZ bank customers as follows:

  • Account notification: hXXp://m.anzmobilebank. com/
  • Account notification: Verify your identity hXXp://m.anzmobilebank. com/
  • Account Notification: hXXp://anz-notification. Com
  • Account Notification: hXXp://mobile-anz. Info
  • Dear ANZ Customer, Notification: hXXp://anz-mobile. Center
  • Internal message received: hXXp:/anzmobilebank. com
  • Notification: hXXp://anz-mobile. Center
  • Verify your identity: hXXp:/anzmobilebank. com

If the URL is followed, the customer is shown a fake website made up of a series of webpages. These pages look legitimate, especially as the cyber criminals have tried to tailor their design to reflect the ‘look’ and ‘feel’ of the Australian or New Zealand bank’s branding, ACMA says.

According to ACMA, it appears that the criminals behind this campaign are constantly refining their messages and the associated imitation banking websites to increase their chance of success.

In the fake ANZ mobile banking website scam, the perpetrators have even used a fake ‘loading’ page to simulate standard mobile banking transactions, ACMA says.

“We have direct evidence of the extent of the current SMS phishing campaign, thanks to Australian consumers who have received these SMS messages and reported them to our SMS spam reporting number, 0429 999 888.

“These reports have also enabled us to assess how the technical aspects of the campaign are evolving and how the criminals are progressively targeting different Australian banks,” says ACMA.

ACMA recommends that users who have even the slightest concern that they may have inadvertently responded to one of these phishing messages, and passed their banking credentials or personal information to the criminals behind the campaign, immediately contact their financial institution for advice. Users should also report the incident to the government’s Australian Cybercrime Online Reporting Network.

ACMA’s tips to help stay protected

To help minimise the chances of being duped by these and other phishing campaigns, ACMA recommends that users:

  • Don’t open SMS or emails from unknown or suspicious sources
  • Never follow hyperlinks contained in these messages
  • Always carefully check the authenticity of a website that requests your user credentials
  • Never reuse the same login credentials on any web service
  • Where available, use two-factor authentication on your accounts.

ACMA encourages all Australian consumers to forward any suspicious or spam-related SMS messages to their hotline on 0429 999 888.

SMS messages reported to the ACMA associated with this phishing campaign

ACMA has compiled the full list, below, of the SMS messages targeting Australian financial institutions as reported by consumers.

ANZ:

  • Account notification: hXXp://m.anzmobilebank. com/
  • Account notification: Verify your identity hXXp://m.anzmobilebank. com/
  • Account Notification: hXXp://anz-notification. Com
  • Account Notification: hXXp://mobile-anz. Info
  • Dear ANZ Customer , Notification: hXXp://anz-mobile. Center
  • Internal message received hXXp:/anzmobilebank. com
  • Notification:  hXXp://anz-mobile. Center
  • Verify your identity hXXp:/anzmobilebank. com

Bank of Queensland:

  • Bank of Queensland Support: Update your profile: hXXp://boq-mobile. Net
  • Message received from BOQ Support hXXp://boq-mobile. Net
  • Dear Bank of Queensland customer, You have received an internal notification. hXXp://boq-mobile. Net
  • Verify your identity hXXp://boq-mobile. net

Bendigo Bank:

  • 1 new Secure Email hXXp://mobile.bendigobank. info
  • Account notification hXXp://bendigo-bank. mobi
  • Account review hXXp://mbendigobank. com
  • Account verification hXXp://mbendigobank. com
  • Customer review  hXXp://mbendigobank. com
  • Dear Customer, You have received a payment. Login Bendigo MobileBank: hXXp://m.bendigo. online
  • New payment received hXXp://mobile.bendigo. online
  • Message received hXXp://bendigo-bank. mobi
  • Notification: Payment received hXXp://mobile.bendigobank. info
  • Payment received. Access your online statement. hXXp://mobile.bendigo. online

GE Money:

  • New payment received hXXp://www.gemoneymobile. net
  • You have 1 message from customer support hXXp://www.gemoneymobile. net

Heritage Bank:

  • Heritage Bank Notification hXXp://heritagebank. mobi

Macquarie Bank:

  • Dear customer, Confirm your mobile phone number: hXXp://macquarie-mobile. com

NAB:

  • Account notification hXXp://mobilebanking.nab-login. com
  • Account notification hXXp://nab-login. com/
  • Account security notification hXXp://nab-login. com/
  • Dear NAB Customer, You have received an internal notification. hXXp://mobile2.nab. direct
  • Dear NAB Customer, You have received an internal notification. hXXp://online.mobilenab. com
  • Dear NAB Customer, You have a new message. hXXp://mobilebanking.nab. direct
  • Dear NAB Customer, You have received a notification. hXXp://mobilebanking.nab. direct
  • Verify your identity: hXXp://nab-mobile. net
  • Notification:  hXXp://mobile-nab. net
  • Internal message received hXXp://mobile.nab. direct
  • Notification:  hXXp://nabmobile. info
  • Notification:  hXXp://www.nab-mobile. net
  • Your online statement is ready hXXp://www.nab-mobile. net
  • Verify your identity: hXXp://nab-m. com
  • Verify your identity hXXp://nab-login. com/

St George:

  • Business account notification #2912 hXXp://stgeorge-mobile. com
  • Dear Business Customer, You have received a new alert from StGeorge Bank  hXXp://stgeorge-mobile. com
  • Dear Customer,  You have received a notification from StGeorge Bank hXXp://bbonline.stgeorge-mobile. com
  • St.George Bank notification #882 hXXp://bbonline.stgeorge-mobile. com
  • StGeorge Bank: account notification #441 hXXp://bbonline.stgeorge-mobile. com

Suncorp Bank:

  • Notification received hXXp://mobile.suncorpbank. net/
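
The lookalike-domain pattern in the reported messages lends itself to a mechanical check on the receiving side. The following is an added example, not code from ACMA or from this article: the `LEGIT` table of genuine bank domains, the function names and the last two sample messages are assumptions made for illustration.

```python
import re

# Assumption: each bank's genuine registrable domains (not listed in the article).
LEGIT = {
    "anz": {"anz.com", "anz.com.au"},
    "nab": {"nab.com.au"},
    "bendigo": {"bendigobank.com.au"},
    "boq": {"boq.com.au"},
    "stgeorge": {"stgeorge.com.au"},
}

# Tolerates the defanged forms seen in the reports: hXXp, one slash, "dot space" before the TLD.
URL_RE = re.compile(r"h(?:xx|tt)ps?:/{1,2}((?:[a-z0-9-]+\.\s?)+[a-z]{2,})", re.I)


def extract_hosts(sms):
    """Return lower-cased hostnames found in an SMS body, with defang spacing removed."""
    return [re.sub(r"\s+", "", m.group(1)).lower() for m in URL_RE.finditer(sms)]


def is_under(host, domain):
    """True when host is the domain itself or a subdomain of it."""
    return host == domain or host.endswith("." + domain)


def verdict(host):
    """'legit' if under a known bank domain, 'lookalike' if it only borrows a brand token."""
    if any(is_under(host, d) for doms in LEGIT.values() for d in doms):
        return "legit"
    # Substring match is deliberately broad: it catches anz-mobile, mbendigobank, nab-login.
    brands = [b for b in LEGIT if b in host]
    return "lookalike" if brands else "unknown"


def triage(sms):
    """Return (host, verdict) pairs for every URL found in one SMS body."""
    return [(h, verdict(h)) for h in extract_hosts(sms)]


# Sample messages: the first three are quoted from the reports above, the rest are constructed.
SAMPLES = [
    "Account notification: hXXp://m.anzmobilebank. com/",
    "Internal message received: hXXp:/anzmobilebank. com",
    "Dear NAB Customer, You have a new message. hXXp://mobilebanking.nab. direct",
    "Your statement is ready https://www.anz.com/",   # constructed, genuine domain
    "Parcel held at depot hXXp://example. org/track",  # constructed, no bank brand
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(triage(s), "<-", s)
```

Because the campaign rotates domains quickly, a brand-token check of this kind catches new hosts that a blocklist of previously reported domains would miss; the broad substring match will also flag unrelated hosts that happen to contain a token, so hits need review.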