Latest security alerts

08 November 2023: Telco Impersonation Scam Alert

We are aware of a telecommunication specific impersonation scam that takes advantage of the current network outage. Here are some reminders to help you protect yourself:

• Be cautious of unsolicited calls claiming to be from your telecom provider. Always call the official customer service number on your bill or visit the company’s official website.
• Don’t share personal or financial details, such as passwords, account numbers, or one-time passcodes.
• Avoid clicking links or accessing attachments in emails or SMS’s. These may contain malware or provide scammers access to your devices. For example, you may be asked to download software, which enables remote access to your device, claiming this will be used to address the technical issues.
• Scammers often create a sense of urgency, pressuring you to act quickly. Pause and reassess the situation and understand what the person on the other line is asking you to do or provide.

If you think you may have provided your personal or financial details, or made a transaction due to a scam, report this immediately by:

1. using the ANZ App – Log in to the ANZ App, tap Support, select the type of support, then tap Reporting Fraud or Identify Theft, or
2. forwarding the email or SMS to hoax@cybersecurity.anz.com. 

For more information on the types of scams and how to protect yourself, please visit the ANZ Security Centre.

27 July 2023: "Live Chat" Bank impersonation scam

New variation of the bank impersonation scam detected

We have observed a new variation of the bank impersonation scam where an SMS, appearing to be from ANZ, is sent to customers advising them to expect a call from ANZ relating to "transaction issues".

During the call, customers are prompted to click on a link, provided in another SMS, to assist in resolving these issues. This link leads to a fake ANZ website with a button to begin "ANZ Live Chat". This website may look very convincing. If the customer clicks on the button, software will be downloaded on the customer's device providing the scammer remote access to the device.

The scammer (still impersonating an ANZ employee), will ask the victim to log into their Internet Banking, allowing the scammer to capture the customer's login credentials. The scammer may also take over the session and perform transactions or ask the customer to transfer their money into a "safe" account.

For example:

Remember, ANZ will never ask you:

• to click on a link to log in to ANZ Internet Banking or the ANZ App
• to provide remote access to your computer or phone
• for sensitive banking details (like passwords, PINs, one-time passcodes for payment, Shield codes, token codes)
• to transfer money to another account

If you've received and responded to a message that you now believe is a scam, have shared your banking details, or you're concerned your personal details have been compromised, contact ANZ immediately.

You can also report scams to Scamwatch. For more information on how to protect yourself online, please visit the ANZ Security Centre.

May 2023

Phishing / Scam SMS

ANZ is aware of a new scam text message which appears to come from ANZ. The text message states that the customer’s debit card needs additional verification, and a link is provided to reactivate the card.

The link in the text is similar to the correct ANZ website address (anz-login.com instead of the correct link anz.com). If clicked, the link will take you to a site that looks legitimate but has been designed to steal your personal information. In this instance, customers are being asked to reveal their Customer Registration Number (CRN), internet banking password, email, password, and mother’s maiden name. Customers are also being asked to provide images of identification documents.

Some examples include:

Remember, ANZ will never email, call or text message you, asking for personal information like your password, PIN, one-time password (OTP) for payments, RSA token, ANZ Shield or ask you to transfer funds into another account.

If you receive one of these messages, do NOT click on the link, delete the message immediately.

If you’ve received and responded to a message that you now believe is a scam, and have shared your banking details, account credentials, or you’re concerned your personal details have been compromised, contact ANZ immediately.

You can also report scams at Scamwatch. For more information on how to protect yourself online, please visit the ANZ Security Centre.

March 2023: SMS Text & Phone call Scam – Bank impersonation

Fake SMS/Phone scam

We are seeing an increase in scams, often commencing with a text message or a phone call, which claim to come from ANZ.  Retail, Business and Corporate banking customers may receive these texts/calls, see examples.

How the scam typically works:

• You receive a cold call from an individual claiming to be from the bank’s fraud prevention team.
• The caller will panic you by saying your accounts are at risk and you urgently need to transfer funds to a different account.
• They may appear professional and confident and will ask to identify you using bank procedures which appear legitimate.
• They will then convince you to share your card number, PIN, password, registration numbers or a one-time password (OTP).
• Often the caller will have sourced personal information about you beforehand through a malicious email or SMS message sent in the days or weeks leading up to the call.

We recommend that you terminate these calls immediately, or if directed to call your bank, always contact ANZ via a phone number or other contact details published on our website www.anz.com

Whilst our fraud team may call customers from time to time to verify suspicious transactions like these, we will never ask you for sensitive banking details (like passwords, PINs, One-Time-Passwords etc) or to transfer money or download software or email you a link to login directly from an email or SMS.

The best way to help protect yourself from being caught out by a scam is knowing the warning signs and thinking before you act.

• Stop and think twice if you’re being asked to act urgently or respond to an offer sounding too good to be true.
• Be suspicious of anyone asking you for personal information or a payment. Even if they say they’re from your bank or a known service provider, or if they claim to be a family member who has recently changed their phone number.
• Never provide your password, PIN, or one-time password (OTP) via phone, SMS, RSA token or ANZ Shield to anyone, even if they claim to work for your bank and have personal information about you.
• Contact your bank immediately on a number you know if you receive a message from someone saying your account is at risk or if you enter personal details into a link, you suspect is a scam.

For more information about scams or if you believe you may have fallen victim to a scam, follow the steps outlined on the Report bank fraud page.

January 2023: Fake ANZ SMS messages

Phishing/Scam SMS

ANZ is aware of a variety of scam text messages, appearing to come from ANZ, asking customers to take action – for example: click on a link; await a call from the fraud team; or to call the number listed in the message. 

Some examples include:

Tips for identifying and responding to fake apps

Prior to downloading a new app, take 60 seconds to check the following:

• Check the popularity of the app: thousands of downloads and very few reviews suggests a fake app
• Check the name of the app or developer and reviews: minor errors in the name, inconsistency with ANZ products or suspicious comments may indicate the app is a fake
• Check the pattern of reviews including time frames from app launch to commentary: reviews in quick succession of launch are a red flag
• If in doubt, go to the web page of the developer: lack of details about the developers, and linkage to a legitimate site is another indicator
• Check that the permissions required by the app are in line with activities you will be performing: if the permissions seem excessive this is another red flag

If you believe you have downloaded a fake ANZ app please contact us immediately on 1800 033 844.

If you suspect a fake ANZ app is available on Google Play or on the App Store, please do not install the application and contact hoax@cybersecurity.anz.com

27 September 2022: Hope App Scam

Fake App - Pyramid scheme-style app scams vulnerable customers

The 'Hope Business App' or  'Wonderful World App' used advertising on social media sites and had their applications available via official app stores. People invested their money and then were encouraged to recruit more investors as an incentive. The more people recruited, it claimed, the more commission they would make. The Hope App scam was identified after consumers were unable to withdraw funds from the Hope App or obtain their promised 'earnings'. 

scamwatch.gov.au advises consumers to be vigilant and protect themselves

• Be alert to the fact that scams exist.
• Know who you're dealing with.
• Do not open suspicious texts, pop-up windows or click on links or attachments in emails – delete them.
• Don't respond to phone calls about your computer asking for remote access – hang up.
• Keep your personal details, your mobile devices, and computers secure.
• Choose your passwords carefully.
• Review your privacy and security settings on social media.
• Beware of any requests for your details or money.
• Be wary of unusual payment requests.
• Be careful when shopping online.

The apps have since been removed from Apple's App Store and Google's Play Store.

More information can also be found on the Australian Competition and Consumer Commission's (ACCC) media releases page.

Protect yourself from phishing scams

Be aware of what to look out for in suspicious emails. Typical signs include:

• Misspellings and poor grammar
• Patchy graphics or design
• Asking for personal information, usernames or passwords
• Not addressing you by name at the start of the message
• A sense of urgency, claiming that your immediate attention is needed
• An email address that doesn’t look quite right
• Links to click on or attachments to open.

If you receive a suspicious message, follow the steps outlined on the Report bank fraud page.

Latest Scam Alert

Customers are reminded that ANZ will never send you an email/SMS asking for your account or financial details, or your log in details for ANZ Phone Banking, ANZ Mobile Banking or ANZ Internet Banking.

If you have received a hoax/suspicious email or text claiming to be from ANZ:

1. Do NOT click on any unexpected/unusual links or open attachments.
2. Forward the email or SMS to hoax@cybersecurity.anz.com
3. Delete the message from your inbox.

Contact ANZ immediately if you’ve:

• shared your banking details in response to a hoax phone call, email or SMS
• accidentally clicked on any links or downloaded any attachments
• noticed any unusual transactions on your accounts

For more information on how to protect yourself, please visit the ANZ security centre.

08 November 2023: Fake product comparison websites

We are aware of a scam involving fake product comparison websites promoting interest bearing accounts, namely, term deposit accounts.

These websites may be encountered when conducting an online search for financial products such as, term deposits. Scammers pose as product comparison companies, promoting accounts with higher-than-average interest rates. If the individual provides their personal information on the website, they may be contacted by the scammer claiming to work for the product comparison company and offer to open an account for the individual. If the individual agrees, they will be provided with bogus account details –and money subsequently transferred to this account, will instead be directed to the scammer. Personal information provided by users of the website, may also be captured for misuse by the scammer.

Tips to help you protect yourself:

• Be cautious – if an offer appears too good to be true, it probably is.
• Be mindful that online search results may display malicious websites.
• Do your research to determine whether product comparison websites are legitimate.
• Pause before sharing personal information.

If you’ve received and responded to a message that you now believe is a scam and have transferred money or shared your ANZ banking details and/or account credentials, contact ANZ immediately.

You can also report scams to the Australian Government’s Scamwatch.

19 October 2023: Chinese authority extortion scam

It has come to our attention that scammers posing as Chinese authorities are contacting young people studying and/or living in Australia to financially extort them using various threatening and intimidating tactics.

Targeted individuals are contacted through phone calls or messaging apps like Telegraph, WhatsApp, or WeChat. Mandarin-speaking scammers pose as Chinese authorities, police, staff from the Chinese Embassy or Consulate, or immigration officials. These scammers are falsely threatening criminal charges, extradition and/or deportation unless money is sent to those scammers.

In a variation of this scam, instead of directly asking the targeted individual for money, scammers will force victims to fake their own kidnapping and take photographs of themselves in vulnerable positions. This will then be used by the scammers to manipulate the victim’s family into paying a ransom.

If you’ve received and responded to a message that you now believe is a scam, and have transferred money or shared your ANZ banking details and/or account credentials, contact ANZ immediately.

You can also report scams to the Australian Government’s Scamwatch.

For more information on how to protect yourself online, please visit the ANZ Security Centre. Content is available in simplified and traditional Chinese via Scamwatch.

08 September 2023: Seniors discount card scams

We are aware of an emerging scam targeting elderly Australians through fake websites or cold calls claiming to supply seniors discount card memberships.

According to the National Anti-Scam Centre (NASC), seniors may be targeted through a fake website that claims to be “officially approved” and offers to provide seniors discount card membership for a fee. In other instances, scammers are cold calling the elderly offering a fake seniors discount card and are asking for personal information over the phone. If personal information is subsequently provided to the scammer, they may use this information to commit identity fraud.

Please be aware that government bodies within Australia supply seniors card memberships for no cost, and therefore, seniors will never be asked to pay a membership or application fee.

Tips to help protect yourself or your loved ones:

• Pause and consider whether an offer is legitimate before making a payment or providing your personal information.
• If you receive an unsolicited call from someone offering a seniors discount card membership that seems suspicious, hang up.
• If you have received a scam call or have come across a fake website offering a seniors discount card for a fee, report it to Scamwatch.

If you’ve received and responded to a message that you now believe is a scam, have shared your ANZ banking details, or you’re concerned your personal details have been compromised, contact ANZ immediately.

You can also report scams to Scamwatch.

For more information on how to protect yourself online, please visit the ANZ Security Centre.

24 August 2023: Toll road scams

ANZ is aware of SMS phishing scams that impersonate toll road operators. These scams typically claim that an overdue toll notice is outstanding and needs to be settled immediately. Individuals may be threatened with late fees, severe penalties or negative impacts on credit scores for non-compliance. Scammers might claim that the individual’s vehicle may be (or has been) suspended.

To resolve the issue, the individual is prompted to follow a link to a fake website, designed to steal personal or financial details.

These SMS messages may come from a random number, or may be ‘spoofed’, appearing to originate from the legitimate toll road operator.

Examples include: 

Remember:

• Be cautious of messages requesting for payment. Do not click on any links.
• If in doubt, call the toll road operator directly on a verifiable number from their official website or from a hard copy of an existing toll invoice.
• View and manage your toll road account/s directly through the organisation’s official website or app.

If you’ve received and responded to a message that you now believe is a scam, and have transferred money, shared your ANZ banking details and/or account credentials, contact ANZ immediately. 

You can also report scams at Scamwatch. For more information on how to protect yourself online, please visit the ANZ Security Centre.

18 August 2023: Fake ANZ website alert

Customers are advised that we’ve identified fake websites impersonating ANZ Transactive Global, with searches for ANZ Transactive being redirected to a fake site. The fake website’s log in page asks for a customer’s User ID, Password, Token or ANZ Digital Key, and mobile number to urgently update customer details through a series of verification pages, and ends with a message saying an ANZ representative will be calling them shortly. This information gives the fraudster enough details to be able to gain trust as an ANZ employee with the intention of committing fraud.

Fraudsters pay for ads to secure top search engine positions, exploiting users' trust and increasing the likelihood of successful scams.

Tips to help you bank securely:

• Go directly to the anz website (anz.com.au) to log-in instead of through search engines or hyperlinks.
• Check for misspelled words in the URL and website
• Refrain from clicking on links tagged as an Ad

Below is an example of such a malicious ad and fake website:

If you’ve received and responded to a message that you now believe is a scam, and have transferred money or shared your ANZ banking details and/or account credentials contact ANZ immediately. 

You can also report scams to Scamwatch.

For more information on how to protect yourself online, please visit the ANZ Security Centre.

10 August 2023: Romance-investment scams

We are aware of scammers building relationships with people in order to build their trust and subsequently luring them into an investment scam. The scam starts with an unexpected message or request (including via email, social media platforms, messaging apps, etc.) from the scammer using a fake identity.

Once the scammer has built the individual’s trust, the scammer then manipulates the individual into believing they should quickly transfer money and/or provide personal and financial details to take advantage of a low-risk, high return investment. The scammer may offer to help the individual with their investments (by claiming to set up their accounts or trade on their behalf) or offer to teach the individual how to invest.

The scammer will typically disappear after the payment has been made or continue seeking opportunities to collect more money.

How to help protect yourself from Romance-Investment Scams:

• Don’t dive in head first – ask questions to verify their identity and claims
• Do a little digging to check if their profile (or alias) appears in anecdotes from other romance scam survivors
• Do a Google reverse image search of their photo to check if it has been used by others
• Don’t be pressured into sending money, especially If it seems too good to be true. Stop and think twice before acting on an urgent request
• Never share your personal information (like passwords, PINs, one-time passcodes (OTP), ANZ Shield Code and card number/s)
• Perform sufficient checks before giving your details or replying to messages offering financial advice or urgent investment opportunities.
• Never provide remote access to your device

You should make your own reasonable enquiries and check if a financial adviser is registered via the ASIC website and check ASIC’s list of companies you should not deal with. If the company that is asking for your investment is on the list – do not deal with them. 

If you’ve received and responded to a message that you now believe is a scam, and have transferred money or shared your ANZ banking details and/or account credentials contact ANZ immediately. 

You can also report scams to Scamwatch.

For more information on how to protect yourself online, please visit the ANZ Security Centre.

26 July 2023: Loyalty points scams

We are aware of a new scam targeting customers of loyalty programs of large, well-known Australian companies (including but not limited to airlines, telecommunications and retail companies).

The scam is delivered to customers through a text message or email stating their loyalty points are expiring. This correspondence includes a link to a fake website, which prompts customers to login. Customers may also be asked to provide credit card details to use loyalty points.

If the customer follows the instructions as per the email or text, scammers will steal their points, login details and/or personal information to use on other platforms and commit identity fraud.

Tips to protect yourself from loyalty points scams:

• Don’t click on links included in a text message and be wary of suspicious links contained in emails.
• Always navigate to the company’s app or website independently to check the status of your points.
• Contact the company to confirm whether the correspondence you have received is genuine.

For more information about this scam, visit Scamwatch.

If you’ve received and responded to a message that you now believe is a scam, have shared your ANZ banking details, or you’re concerned your personal details have been compromised, contact ANZ immediately.

You can also report scams to Scamwatch.

For more information on how to protect yourself online, please visit the ANZ Security Centre.

21 July 2023: Tax time scams

Individuals should be aware of increased scam activity as sophisticated cyber criminals take advantage of the busy tax period. During this busy time, scammers may use sophisticated tactics to try and catch you off guard. There are various types of scams, and the intent is clear - they want to steal your money or personal information.

Cyber criminals attempt to take advantage of this time of year with tax-related impersonation scams, namely those appearing to originate from the Australian Tax Office (ATO) or other government services such as myGov.

Scammers may impersonate the ATO or myGov and threaten individuals and businesses with tax debt or offer rebates.

Individuals should stay alert to phishing, smishing (SMS phishing) and vishing (phone call phishing) scams. Always verify that requests are authentic before clicking on links, opening attachments or following instructions, particularly when it comes to your finances or personal information.

Otherwise, if you are unsure about the authenticity of a call or message, contact the ATO or applicable government service to verify.

Top tips to help protect yourself during tax time:

• If you receive a request via email, phone or SMS message to change or update payment information, always verify by contacting the supplier directly using contact information that you know is genuine, and not contained within the suspicious communications in question.
• Turn on multi-factor authentication for all essential services such as email, bank, social media accounts and any databases holding personal or customer information.
• Access websites directly by typing the URL into a web browser, rather than clicking on a link.
• Remember, if something seems too good to be true, it usually is. Pause and verify before acting.

Examples of scams include:

If you receive one of these messages, do NOT click on the link, and delete the message immediately.

If you’ve received and responded to a message that you now believe is a scam, and have shared your banking details, account credentials, or you’re concerned your personal details have been compromised, contact ANZ immediately.

You can also report scams at Scamwatch.

For more information on how to protect yourself online, please visit the ANZ Security Centre.

04 July 2023: Online Sales Scams

Online sale and marketplace scams using PayID, cheque and other payment channels

We are aware of scammers targeting individuals who are selling items through online marketplace and selling platforms.

Examples include:

PayID scam

Common variations of the scam include the scammer offering to purchase the goods via a PayID associated with an email.

If agreed, the scammer then claims that either:

• they paid for the goods but there was an issue with the payment because the buyer doesn’t have a ‘premium’ or ‘business’ account. The scammer claims to have paid for the upgrade on behalf of the seller and requests ‘reimbursement’; or
• they accidentally overpaid for the goods and seek ‘reimbursement’.

Having the seller's email, the scammer may also send a fake email appearing to originate from ‘PayID’ as ‘evidence’ of the payment, further pressuring the seller into ‘reimbursing’ them.

This is a scam, and the seller does not receive any money to their account.

PayPal scam

Similar to the PayID scam, the scammer poses as a buyer purchasing goods through PayPal. If the seller agrees to the sale, a scam email may be received claiming that the “buyer” has paid for the goods, but there was an issue with the payment because the seller doesn’t have a business account. The scammer at this point may claim to have paid for the upgrade and requests a ‘reimbursement’, alternatively, they may continue to email the seller requesting personal/financial details and screenshots of the seller’s PayPal account.

The seller does not receive any money into their account.

The following is an example of such a scam:

Cheque scam

Typically, the scammer requests to pay for the goods with a cheque and asks the seller for their account details.

If agreed, the scammer then deposits a valueless cheque into a smart ATM. The sellers account may indicate that money has been deposited, reflected under their account ‘Balance’, instead of under ‘Funds’. These terms may differ depending on who you bank with.

Believing they have been paid, sellers then release the goods to the buyer. However, the cheque is later dishonoured, and the customer is not paid for the item.

Remember:

• PayIDs are managed by your bank, and PayID would never contact you directly. If you have concerns, please contact your bank.*
• Do not make any ‘reimbursement’ payments unless you have confirmed and verified a payment/overpayment received in your account.
• Do not release any goods to the buyer until payment is confirmed.
• It generally takes three to seven working days for a cheque to clear.
• ANZ uses the labels ‘Funds’ and ‘Balance,’ for more information click here

*PayID is a secure way to help you make and receive fast payments between banks. For more information, visit anz.com/payid

If you believe you may have fallen victim to a scam, follow the steps outlined on the Report bank fraud page.

You can also report scams at Scamwatch.

For more information on how to protect yourself online, please visit the ANZ Security Centre.

09 June 2023: Investment scams

Investment scams

Investment scams are on the rise, particularly those involving cryptocurrency. Cryptocurrency is a form of digital currency such as Bitcoin.

A scenario we are aware of are scammers posing as ‘advisors’ tricking individuals who have invested in cryptocurrency, into handing over their login credentials. Once they have access to the cryptocurrency wallet, the scammer transfers the cryptocurrency out, rather than investing the funds as the individuals are led to believe. The scammers often appear very professional and knowledgeable and may impersonate legitimate organisations.

You can find out more about different types of investment scams at Scamwatch.

Be aware of the alarm bells. According to Moneysmart, signs of an investment scam may include: 

• offering high investment returns
• the absence of an Australian Financial Services (AFS) licence
• frequent contact pressuring you to make fast decisions
  
• providing an investment prospectus that is not registered with the Australian Securities & Investments Commission (ASIC)
• the use of a reputable organisation’s name to instil credibility

To reduce the risk of your falling for an investment scam, we recommend that you perform sufficient checks before giving your details to an unsolicited caller or reply to emails offering financial advice or urgent investment opportunities. You should make your own reasonable enquiries and check if a financial adviser is registered via the ASIC website and check ASIC’s list of companies you should not deal with. If the company that is asking for your investment is on the list – do not deal with them. 

You can report scams at Scamwatch.

For more information on how to protect yourself online, please visit the ANZ Security Centre.

10 May 2023: myGov scam

myGov scam

We are aware of a new phishing campaign circulating, as pictured.

The SMS message appears to come from ‘myGov’ and states that “Eligible individuals can receive a one-time payment of $750 to help with their living expenses”. In the example above, an illegitimate link to a website has been included in the SMS message and if individuals click the link, it may direct them to a fake ‘myGov’ website.

Scammers are targeting myGov, and reports to the Australian Competition and Consumer Commission (ACCC)’s Scamwatch regarding myGov email and SMS message scams have increased by 160% in the month from December 2022 to January 2023.

The ACCC Scamwatch has warned individuals to stay vigilant about myGov scams and advised against clicking on a link included in an email or SMS message, or to share any personal information. myGov will never send you an email or SMS message with a link directing you to a website to sign in to your myGov account.

If you receive one of these email or scam SMS messages, do NOT reply to the message, do NOT click the link, and delete the message immediately. 

If you’ve received and responded to a message that you now believe is a scam, and have shared your banking details, account credentials, or you’re concerned your personal details have been compromised, contact ANZ immediately. 

You can also report scams at Scamwatch. For more information on how to protect yourself online, please visit the ANZ Security Centre.

Below you will find examples of Data Breach Alerts. 

We have developed a dedicated Data Breach Customer Support page where you will find  supporting resources and frequently asked questions.

20 June 2023: HWL Ebsworth Data Breach

Data breach

ANZ is aware of a cyber-security incident at the Australian law firm, HWL Ebsworth (HWLE).

HWLE is one of the legal firms ANZ uses to provide legal advice. The incident has not affected ANZ’s systems.

ANZ understands the unauthorised access by a third-party to HWLE’s systems has resulted in the disclosure of personal and confidential information of HWLE clients.

What we are doing:

• We are working with HWLE and others to address the potential exposure.
• ANZ will contact those employees and customers whose information may have been disclosed and who need to be notified.
• We recognise cyber events like these are distressing for those involved.  We will continue to work as hard as we can to prevent such events impacting on ANZ’s customers, staff and shareholders and the community more broadly.

We have developed a dedicated Data Breach Customer Support page where you will find supporting resources and frequently asked questions.

If you are an ANZ customer, please ensure you look out for unusual or fraudulent activity. If you would like increased security across your accounts, please contact us or Report bank fraud immediately.

More information relating to this incident is available on the HWL Ebsworth website or contact HWLE at hwlecyberhelp@hwle.com.au

1 May 2023: Latitude Financial Services

Data breach

ANZ is aware that Latitude Financial Services is investigating a cyber-attack, resulting in the unauthorised access of its customers’ information.

Latitude Financial Services has advised the information exposed may include identification documents of prospective applicants, current and past customers, BSB numbers, account numbers and credit card numbers.

More information is available on the Latitude Financial Services website, and at IDCARE.

Please refer to our dedicated Data Breach Customer Support page where you will find more useful information and resources.

If you are an ANZ customer, please ensure you look out for unusual or fraudulent activity. If you would like increased security across your accounts, please contact us or Report bank fraud immediately.

16 March 2023: Latitude Financial Services

Data breach

ANZ is aware that Latitude Financial Services is investigating a cyber-attack, resulting in the unauthorised access of its customers’ information.

The Latitude Group has advised that the information exposed may include identification documents of prospective applicants, current, and past customers.

More information is available on the Latitude Financial Services website.

Please refer to our dedicated Data Breach Customer Support page where you will find more useful information and resources.

Malware targeting ABA payment files

ANZ is aware of a particular strain of malware that appears to fraudulently modify or alter beneficiary account details within customer generated ABA payments files. The malware appears to modify the ABA payment file prior to it being uploaded to the respective digital banking platform.

Refer to the ANZ Security Centre for guidance on how to detect and prevent malware or www.cyber.gov.au

Contact ANZ immediately to report fraudulent or unusual activity on your account:

Phone: 137 028 (+61 3 8693 7153)
Email: fraud@anz.com
Operating Hours: 8:00am – 8:00pm AEST

27 November 2023: The Australian Signals Directorate's Australian Cyber Security Centre (ASD's ACSC) has published a critical alert for businesses

Applicable to all businesses using Citrix NetSCaler ADC and NetScaler Gateway

The ASD's ACSC has published a critical alert regarding vulnerabilities in Citrix NetScaler ADC and NetScaler Gateway that may be in use on Australian networks.

ASD’s ACSC is aware that there have been successful exploitation attempts against Australian organisations and recommended that affected entities review the available mitigations and apply where possible as a matter of high priority.

The ASD’s ACSC has assessed that there is significant exposure to these Citrix NetScaler ADC and NetScaler Gateway vulnerabilities in Australia and that any future exploitation of these vulnerabilities would have a significant impact to Australian systems and networks. ASD’s ACSC advises that Australian organisations should review their networks for use of vulnerable instances of Citrix NetScaler ADC and NetScaler Gateway. The ASD’s ACSC has strongly urged affected organisations to install the relevant updated versions of Citrix NetScaler ADC and NetScaler Gateway as soon as possible. 

For more information, please read the Australian Cyber Security Centre’s alert, Citrix Products NetScaler ADC and NetScaler Gateway Vulnerabilities.

8 November 2023: Patch and update software vulnerabilities to help prevent cyberattacks

The Home Affairs and Cyber Security Minister, Clare O’Neil has urged businesses to immediately address software vulnerabilities and conduct patch management to help prevent cyberattacks. (Australian Financial Review, 2023)

Businesses should ensure that software bugs are regularly patched and upgraded, for systems to function properly and securely.

Patches are updates that address specific software vulnerabilities. Cyber criminals can exploit these vulnerabilities when left unmanaged, leading to cyberattacks. Regular patching and updates can protect against cyber threats, but can also improve the performance of the system, thus keeping business operations running smoothly.

For more information, visit the Australian Cyber Security Centre and search for Alerts and Advisories.

20 October 2022: Medibank and ahm Private Health Insurance 

Data breach
ANZ is aware that Medibank and ahm Private Health Insurance is investigating the unauthorised access of its customers’ information.

The Medibank group has advised that the information exposed may include:

• ahm customers’ personal data and health claims data 
• International student customers’ personal data and health claims data 
• Medibank customers’ personal data and health claims data

More information is available on the Medibank and ahm websites.

Please refer to our dedicated Data Breach Customer Support page where you will find more useful information and resources.

26 September 2022: Optus Data Breach

Data Breach
ANZ is aware that Singtel Optus Pty Limited (Optus) is investigating the unauthorised access of its current and former customers' information.

Optus has advised that the information potentially exposed may include customers' names, dates of birth, phone numbers, email addresses, and – for a subset of customers – addresses and ID document numbers (such as driver licence or passport numbers). 

Optus has also advised that payment details and account passwords have not been compromised.

Optus has assured ANZ its Wholesale, Satellite and Enterprise customers that this cyberattack does not affect the platforms and services supporting them. Optus has advised customers that their services remain safe to use and operate as they normally do.

More information is available on the Optus website https://www.optus.com.au/support/cyberattack

Please refer to our dedicated page where you will find more useful information and resources.

26 June 2022

Phone scam

We are seeing an increase in phone scams where callers claim to be an ANZ staff member.

These scammers are calling customers advising that their funds are at risk of fraud or there is suspicious activity on their account and requesting customers to move funds to another account to protect their money – we recommend that you terminate these calls immediately.

Whilst our fraud team may call customers from time to time to verify suspicious transactions like these, we will never ask you to transfer money or download software.

We suggest that you should not provide personal or banking information to unknown people via an unsolicited call, SMS or email, or give them access to your computer or online bank accounts. Always contact ANZ via a phone number or other contact details published on our website www.anz.com 

For more information about scams or if you believe you may have fallen victim to a scam, follow the steps outlined on the Report bank fraud page.

20 June 2022: Phishing SMS

Fake SMS

A number of customers have reported receiving phishing messages asking them to verify their account.

Don’t respond to suspicious texts, calls or emails – even if they appear to come from legitimate organisations

ANZ will never email, call or text message you, asking for personal information like your password, PIN, one-time password (OTP) for payments, RSA token, ANZ Shield or ask you to transfer funds into another account.

If you receive a suspicious SMS from ANZ about activity on your account and/or you are not currently using ANZ services, don’t respond to it and let us know.  Follow the steps outlined on the Report bank fraud page.

Contact your bank immediately on a number you know if you receive a message from someone saying your account is at risk or if you enter personal details into a link, you suspect is a scam.

9 June 2022: Imposter Bonds Scam

Bonds scam
We are aware of scammers pretending to be associated with well-known financial service firms, including Australia and New Zealand Banking Group Limited (“ANZ”), and offering investments in bonds or debt securities to investors. ANZ and its related entities in Australia do not typically deal in bonds or debt securities directly with the general public.

Please be careful if contacted in relation to the above investments and make proper enquiries before investing. Refer to the ASIC media release warning investors of the scam and practical checks Australian investors can avail themselves of before investing.

We’ve been made aware scammers have been falsely claiming to represent, or be associated with, ANZ Capel Court Limited. ANZ Capel Court Limited does not deal with the general public at all.

Websites and emails using “Capel Court” in the domain name and email address have appeared offering the general public access to Government Bonds, Corporate Bonds and Term Deposits. These websites and emails have contained false claims that ANZ Capel Court Limited is the boutique investment arm of ANZ and that they are associated with ANZ. They contain ANZ Capel Court Limited’s actual ACN and AFS License number, logos and street addresses in well-known commercial office precincts in Melbourne and Sydney. While they may look genuine and sophisticated, these websites, emails and associated phone calls are part of a sophisticated scam. Please remember, you should never send money in response to these offers, emails or associated calls. ANZ is assisting Police with ongoing investigations into this matter.

If you are contacted by someone claiming to be from an ANZ entity in Australia and is offering bonds or debt securities investments, please report it.

1 March 2022: ANZ response to heightened global threat environment

The Australian Cyber Security Centre (ACSC) recently published an Alert and Advisory to encourage Australian organisations to urgently adopt an enhanced cyber security position. While the ACSC states that it is not aware of any current or specific threats to Australian organisations, it advises that adopting an enhanced cyber security posture and increased monitoring for threats will help to reduce the impacts to Australian organisations.

The ACSC suggests that organisations should act now and follow its advice to improve cyber security resilience.

For more information, please refer to the information available on the ACSC website. 

For up to date information please also refer to ACSC’s accounts:  

• Facebook -  www.facebook.com/cybergovau
• Twitter -  www.twitter.com/cybergovau
• LinkedIn - www.linkedin.com/company/australian-cyber-security-centre

16 December 2021: Apache Log4j2 vulnerability

Please be aware the Australian Cyber Security Centre (ACSC) has issued an advisory regarding a critical remote code execution vulnerability affecting Apache’s Log4j2 library, a popular Java-based logging utility. 

Due to its widespread use, a number of third-party apps may also be vulnerable from this threat. ACSC recommends that organisations using this tool should immediately apply the patches released by Apache and other vendors using Log4j2.

For more information, please refer to the  ACSC advisory.

20 August 2021: SMS Scam Alert

Smishing

We are aware of a number of SMS phishing campaigns ("smishing") such as the ones pictured currently targeting our customers.

ANZ will never send you an email/SMS asking for your account or financial details, or for your log in details for ANZ Phone Banking, ANZ Mobile Banking or ANZ Internet Banking.

If you have received a hoax/suspicious email or text claiming to be from ANZ:

1. Do NOT click on any unexpected/unusual links or open attachments.
2. Forward the email or SMS to hoax@cybersecurity.anz.com
3. Immediately contact ANZ if you’ve clicked on any links or downloaded any attachments
4. Delete the message from your inbox.

Contact ANZ immediately if you’ve:

• shared your banking details in response to a hoax phone call, email or SMS
• accidentally clicked on any links or downloaded any attachments
• noticed any unusual transactions on your accounts

To help you protect your virtual valuables, remember to make a PACT. For more information on how to protect yourself, visit the ANZ security centre.

20 August 2021: SMS Scams online shopping transactions

SMS scam

ANZ has received reports of customers receiving SMS scam messages. The SMS messages appear to come from ANZ and from large online retailers like Amazon, and ask customers to click a link to cancel a fictitious order.

The message and the link are illegitimate, despite using URLs that appear similar to the correct website address. The message may also look like it has come from a legitimate number and appear in your messages amongst existing and legitimate messages from ANZ.

If clicked, the link will take you to a site that looks identical to the ANZ login page but has been designed to steal your personal details such as account credentials.

If you receive one of these messages, do NOT click the link, delete the message immediately. 

If you’ve received and responded to a message that you now believe is a scam, and have shared your banking details, account credentials, or you’re concerned your personal details have been compromised, contact ANZ immediately.

You can also report scams at Scamwatch. For more information on how to protect yourself online, please visit the ANZ Security Centre.

17 March 2020: Look out for COVID-19 Scams

COVID-19 Scams
In times of heightened fear and anxiety, there are some people who take advantage of the situation through scams. Sadly, this is true today, with an increasing amount of fake activity around COVID-19, including phishing emails, text messages, phone calls and social media activity (news, malicious links etc.) requesting personal and financial information. While these messages do not currently impersonate ANZ, it is possible that these could change over the coming days and weeks.

As just one example, the Australian Competition and Consumer Commission (ACCC)’s Scamwatch has received multiple reports of COVID-19 themed scam texts being sent to members of the public.

The text messages appear to come from ‘GOV’ as the sender and they include a link to find out when to ‘get tested in your geographical area’ for COVID-19.

In the below example, an illegitimate link has been included in the text message, and if clicked may install malicious software on your device, that has been designed to steal your banking details.

If you receive one of these messages, do not click the link and delete the message immediately.

If you’ve received and responded to a message that you now believe is a scam, have shared your banking details, or you’re concerned your personal details have been compromised, contact ANZ immediately.

You can also report scams at Scamwatch.

For more information on how to protect yourself online, please visit the ANZ Security Centre.

22 August 2019: PayID Event

Data breach
ANZ is currently responding to a data breach by another financial institution which has impacted a small number of our customers.

The data breach led to the disclosure of PayID details linked to a number of mobile phone numbers.

We understand that the information disclosed includes: full name, PayID nickname, and mobile, BSB and Account numbers of the impacted customers. The risk to customers is that those responsible may use this data to target phishing attempts to obtain customer credentials, leading to possible fraud. At this stage our monitoring has not identified any fraud as a result of the disclosure of these PayID details.

Customers with impacted accounts have been contacted and these accounts are being closely monitored. We are working with all relevant parties to manage the security of our customers' data and accounts and we will apply additional security controls to affected accounts where necessary. We will also continue to proactively contact customers where fraud has been identified.

ANZ takes the protection of our customers very seriously and we are extremely disappointed this incident has occurred.

Customers are advised to remain vigilant for phishing attempts. Customers are also reminded that ANZ will never send an email or SMS asking for your account or financial details, or log-in details for ANZ Phone Banking, ANZ Mobile Banking or ANZ Internet Banking.

For more information on how to protect yourself, please visit the ANZ security centre.

June 2019: PayID Event

ANZ is aware of a recent industry-wide PayID event. ANZ has systems and processes in place to monitor such activity and is investigating this further.  Importantly, financial details and credentials are not available on the PayID database, and therefore none of these details have been compromised.

Details impacted by the event include the account name and mobile phone number. Customers are advised to be aware of suspicious messages via text message (smishing) or calls as fraudsters may attempt to use name and mobile phone numbers to attempt to access banking details through hoax text messages designed to look legitimate.  We will continue to proactively contact customers where fraud has been identified.

ANZ takes its privacy obligations very seriously and we remain vigilant. We are firmly focused on supporting our customers.

For more information, please visit the ANZ Security Centre

February 2019: ANZ comments on Fairfax Media story about property valuations data breach

Data breach
ANZ today commented on a Fairfax Media story about a data breach related to an external Australian property valuer used by ANZ.

ANZ Chief Data Officer Emma Gray said: “ANZ is aware of this industry-wide incident.

“We are currently undertaking investigations to understand specifically which ANZ customers may be affected and we will contact them directly to discuss potential impacts and how we will support them.

“At this stage we understand a very small percentage of our customers who had valuations undertaken between November 2015 and December 2018 are potentially impacted.

“ANZ uses a range of property valuers and the organisation in question represents a very small portion of the valuations conducted. As a result of this incident ANZ has currently suspended use of the services of the valuation provider at the centre of the investigations. We have no reason to believe any of the other valuers ANZ uses are impacted by this incident.

“ANZ takes its privacy obligations very seriously and we are extremely disappointed this incident has occurred. We are now firmly focussed on supporting our customers through this incident.”