SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
Story image

Sophisticated SMS cyber attack targets Australian banking customers

Fri, 12th Feb 2016
FYI, this story is more than a year old

A persistent and sophisticated SMS phishing campaign is currently targeting mobile banking customers in both Australia and New Zealand, according to a warning released by the Australian Communications and Media Authority (ACMA).

ACMA says the SMS messages are short and to-the-point, containing URLs that direct the recipient to a fake mobile banking website, which is almost indistinguishable from the real site.

The sophistication and scope of the campaign is indicated by the extensive use of internet domains that closely resemble the legitimate domains of Australian and New Zealand banks. Often these domains will be active for only a very short time, replaced shortly thereafter with another 'plausible' bank domain, says ACMA.

For example, the ACMA has received reports of SMS targeting ANZ bank customers as follows:

  • Account notification: hXXp://m.anzmobilebank. com/
  • Account notification: Verify your identity hXXp://m.anzmobilebank. com/
  • Account Notification: hXXp://anz-notification. Com
  • Account Notification: hXXp://mobile-anz. Info
  • Dear ANZ Customer, Notification: hXXp://anz-mobile. Center
  • Internal message received: hXXp:/anzmobilebank. com
  • Notification: hXXp://anz-mobile. Center
  • Verify your identity: hXXp:/anzmobilebank. com

If the URL is followed, the customer will be presented with a fake website presenting a series of webpages. These pages look legitimate, especially as the cyber criminals tried to tailor their design to reflect the same 'look' and 'feel' of the Australian or New Zealand bank's branding, ACMA says.

According to ACMA, it appears that the criminals behind this campaign are constantly refining their messages and the associated fake imitation banking websites to increase their chance of success.

In the fake ANZ mobile banking website scam, the perpetrators have even used a fake 'loading' page to simulate standard mobile banking transactions, ACMA says.

"We have direct evidence of the extent of the current SMS phishing campaign, thanks to Australian consumers who have received these SMS messages and reported them to our SMS spam reporting number, 0429 999 888.

"These reports have also enabled us to assess how the technical aspects of the campaign are evolving and how the criminals are progressively targeting different Australian banks," says ACMA.

ACMA recommends that users who have even the slightest concern they may have inadvertently responded to one of these phishes and passed on their banking credentials or personal information to the criminals behind the campaign, immediately contact their financial institution to seek their advice. Users should also report the incident to the government's Australian Cybercrime Online Reporting Network.

ACMA's tips to help stay protected

To help minimise your chances of being duped by these and other phishing campaigns, ACMA recommends users:

  • Don't open SMS or emails from unknown or suspicious sources
  • Never follow hyperlinks contained in these messages
  • Always carefully check the authenticity of a website that requests your user credentials
  • Never reuse the same login credentials on any web service
  • Where available, use two-factor authentication on your accounts.

ACMA encourages all Australian consumers to forward any suspicious or spam-related SMS messages to their hotline on 0429 999 888.

SMS messages reported to the ACMA associated with this phishing campaign

ACMA has created a full list of all the SMS messages targeting Australian financial institutions as reported by consumers below.

ANZ:

  • Account notification: hXXp://m.anzmobilebank. com/
  • Account notification: Verify your identity hXXp://m.anzmobilebank. com/
  • Account Notification: hXXp://anz-notification. Com
  • Account Notification: hXXp://mobile-anz. Info
  • Dear ANZ Customer , Notification: hXXp://anz-mobile. Center
  • Internal message received hXXp:/anzmobilebank. com
  • Notification:  hXXp://anz-mobile. Center
  • Verify your identity http:/anzmobilebank. com

Bank of Queensland:

  • Bank of Queensland Support: Update your profile: hXXp://boq-mobile. Net
  • Message received from BOQ Support hXXp://boq-mobile. Net
  • Dear Bank of Queensland customer, You have received an internal notification. hXXp://boq-mobile. Net
  • Verify your identity hXXp://boq-mobile. net

Bendigo Bank:

  • 1 new Secure Email hXXp://mobile.bendigobank. info
  • Account notification hXXp://bendigo-bank. mobi
  • Account review hXXp://mbendigobank. com
  • Account verification hXXp://mbendigobank. com
  • Customer review  hXXp://mbendigobank. com
  • Dear Customer, You have received a payment. Login Bendigo MobileBank: hXXp://m.bendigo. online
  • New payment received hXXp://mobile.bendigo. online
  • Message received hXXp://bendigo-bank. mobi
  • Notification: Payment received hXXp://mobile.bendigobank. info
  • Payment received. Access your online statement. hXXp://mobile.bendigo. online

GE Money:

  • New payment received hXXp://www.gemoneymobile. net
  • You have 1 message from customer support hXXp://www.gemoneymobile. net

Heritage Bank:

  • Heritage Bank Notification hXXp://heritagebank. mobi

Macquarie Bank:

  • Dear customer, Confirm your mobile phone number: hXXp://macquarie-mobile. com

NAB:

  • Account notification hXXp://mobilebanking.nab-login. com
  • Account notification hXXp://nab-login. com/
  • Account security notification hXXp://nab-login. com/
  • Dear NAB Customer, You have received an internal notification. hXXp://mobile2.nab. direct
  • Dear NAB Customer, You have received an internal notification. hXXp://online.mobilenab. com
  • Dear NAB Customer, You have a new message. hXXp://mobilebanking.nab. direct
  • Dear NAB Customer, You have received a notification. hXXp://mobilebanking.nab. direct
  • Verify your identity: hXXp://nab-mobile. net
  • Notification:  hXXp://mobile-nab. net
  • Internal message received hXXp://mobile.nab. direct
  • Notification:  hXXp://nabmobile. info
  • Notification:  hXXp://www.nab-mobile. net
  • Your online statement is ready hXXp://www.nab-mobile. net
  • Verify your identity: hXXp://nab-m. com
  • Verify your identity hXXp://nab-login. com/

St George:

  • Business account notification #2912 hXXp://stgeorge-mobile. com
  • Dear Business Customer, You have received a new alert from StGeorge Bank  hXXp://stgeorge-mobile. com
  • Dear Customer,  You have received a notification from StGeorge Bank hXXp://bbonline.stgeorge-mobile. com
  • St.George Bank notification #882 hXXp://bbonline.stgeorge-mobile. com
  • StGeorge Bank: account notification #441 hXXp://bbonline.stgeorge-mobile. com

Suncorp Bank:

  • Notification received hXXp://mobile.suncorpbank. net/
Follow us on:
Follow us on LinkedIn Follow us on X
Share on:
Share on LinkedIn Share on X