skip to log on skip to main content
VoiceOver users please use the tab key when navigating expanded menus
Find ANZ Support Centre
Find ANZ Support Centre

Latest scams, fraud and security alerts

Stay informed on the latest scams, fraud, and security alerts. Learn about emerging cyber threats and important online risks as they arise. If you are a business, make sure to stay updated with the latest business security alerts  that could impact you.

Explore the latest alerts below, and make informed decisions to help keep your personal and banking details safe.
 

 Businesses: See latest security alerts 

 June 2025

Latest alerts scam SMS

 Posted on 17 June 2025

Watch out for Investment Scams

Type:     

Investment scams are on the rise, and they’re becoming more convincing than ever. Many of these scams begin with ads on social media that appear to be endorsed by well-known and trusted public figures.

Once you engage, the scammer may introduce what sounds like an incredible opportunity to grow your money —often promising returns that are far higher than what you’d expect from a genuine investment. Sometimes, though, the offer might only seem slightly better than what you're currently getting, making it even more convincing and harder to detect.

Here’s what to look out for:

  • You’re asked to share personal or financial details
  • You’re encouraged to download software or apps
  • You’re told to transfer money to unfamiliar accounts
  • You may even see small “profits” at first, but then be asked to pay a fee or tax to withdraw your funds

  • Do your research: Look up the company or platform independently. Check for reviews, complaints, or warnings from official sources.
  • Verify endorsements: Just because a public figure appears in an ad doesn’t mean they support it. Scammers often use fake or stolen images.
  • Be cautious with high returns: Legitimate investments rarely offer guaranteed or unusually high profits.
  • Don’t rush: Scammers often pressure you to act quickly. Take your time to think and consult someone you trust.
  • Use secure channels: Never share sensitive information or transfer money through unofficial or unverified platforms.

For more information visit, What is an investment scam, and how can you protect yourself?

If you suspect fraud on your account or have shared financial information or transferred money as a result of this scam, please contact us straightaway. Our Customer Protection Team is available 24/7 to help you.

You can also report scams to the Australian Government’s Scamwatch and the Australian Signals Directorate’s ReportCyber portal.

Screenshot from Instagram showing a scam message promoting unrealistic investment returns.

Screenshot from a social media platform showing a scam message promoting unrealistic investment returns.
 

Screenshot from Facebook advertising a false investment scheme

Screenshot from a social media platform advertising a false investment scheme.
 

Screenshot from US Securities and Exchange Commission showing a message of a sign up page of an investment platform

Screenshot from US Securities and Exchange Commission showing a message of a sign up page of an investment platform.

 May 2025

Latest alerts scam call

 Posted on 06 May 2025

End of Financial Year Scams

Type:    

Individuals and businesses should be aware of increased scam activity as sophisticated cyber criminals take advantage of the busy tax period. During this busy time, scammers may use sophisticated tactics to try and catch you off guard. There are various types of scams, and the intent is clear - they want to steal your money or personal information.

Cyber criminals attempt to take advantage of this time of year with tax-related impersonation scams, namely those appearing to originate from the Australian Tax Office (ATO) or other government services such as myGov.

If you are unsure about the authenticity of a call or message, contact the ATO or applicable government service to verify.

For more information about rebate, refund and EOFY scams visit Rebate and refund scams online.
 

SMS tax time scam example

SMS tax time scam example

If you’ve received and responded to a message that you now believe is a scam, have shared your ANZ banking details, or you’re concerned your personal details have been compromised, please contact us straightaway

You can also report scams at Scamwatch.

For more information on how to protect yourself online, please visit the ANZ Security hub.

 April 2025

Latest alerts critical vulnerability

 Posted on 17 April 2025

ANZ urges customers to stay alert to malware infection on their devices

Type:  

Malware is any kind of malicious software or code designed to exploit a computer, including computer viruses, worms, trojans, spyware or other malicious programs. Malware can be installed on a device without the user's knowledge or permission, often through email attachments, malicious websites, or compromised software.

To help protect our customers, ANZ uses security software that may detect if malware is present. If malware is detected, ANZ might lock your CRN from accessing Internet Banking. To get your CRN unlocked and proceed with Internet Banking, you will need to contact us.

 

  • Be wary of unexpected messages or calls that ask you to click on a link, download a file, or provide remote access. Never follow through with these requests without verifying the sender.
  • Research any apps before you download to triple-check that they are not malware.
  • Avoid using public Wi-Fi, as malware can easily spread across public networks.
  • Use Multi-factor authentication (MFA) on all of your accounts.
  • Ensure all device and security software is up to date. Android users can access Google Play Protect, a built-in mobile threat protection service that scans apps for malware and other harmful behaviour.
  • ANZ offers our customers access to IBM Trusteer Rapport. For more information on accessing and downloading this software, please visit the ANZ Security Hub https://www.anz.com.au/security/protect-devices/trusteer-rapport/. Please ensure that this product meets your needs.

ANZ’s customer protection teams and systems operate 24/7. Customers who believe they may have been a victim of a scam should contact us immediately, on 13 33 50 or visit us at https://www.anz.com.au/security/report-fraud/ for more information.

Report the scam to the Australian Signals Directorate’s ReportCyber portal. This resource is there for reports of scams where money or personal information has been lost.

Help others by reporting to Scamwatch to help them prevent future losses, monitor trends and educate the population about emerging threats.

 Business alerts

Latest alerts critical vulnerability

 Posted on 19 May 2025

Critical alert from the Australian Signals Directorate's Australian Cyber Security Centre (ASD's ACSC)

Type:  

The ASD's ACSC has published an alert regarding 2 vulnerabilities affecting Ivanti Endpoint Manager Mobile (EPMM).

The 2 vulnerabilities the ASD's ACSC is tracking in Ivanti EPMM are:

  1. CVE-2025-4427: Medium severity Authentication Bypass, and
  2. CVE-2025-4428: High severity Remote Code Execution

When chained together, these vulnerabilities can provide unauthenticated attackers Remote Code Execution.

All versions of Ivanti EPMM prior to and including 12.5.0.0 are vulnerable.
 

ASD’s ACSC encourages Australian organisations to:

  • Review their networks for the use of Ivanti EPMM and apply the latest patches available through Ivanti’s download portal, and
  • Review Ivanti’s advisory for mitigation advice until they are able to implement the required patches.

For more information, please refer to the Australian Cyber Security Centre’s alert: Multiple Vulnerabilities In Ivanti Endpoint Manager Mobile (Ivanti EPMM) | Cyber.gov.au

Latest alerts critical vulnerability

 Posted on 17 April 2025

Critical alert from the Australian Signals Directorate's Australian Cyber Security Centre (ASD's ACSC)

Type:  

The ASD's ACSC has published a critical alert regarding vulnerabilities affecting exploitation of existing Fortinet Vulnerabilities.

Customers are encouraged to update their devices and investigate for potential compromise. 

Fortinet has released information regarding their observation of active exploitation of previously known vulnerabilities affecting Fortinet devices, including:

  • FG-IR-24-015: Out-of-bound Write in sslvpnd
  • FG-IR-23-097: Heap buffer overflow in sslvpn pre-authentication
  • FG-IR-22-398: Heap-based buffer overflow in sslvpnd.

Fortinet have previously released patches for these vulnerabilities.

The observed post exploitation activity relates to either unpatched devices or those that were compromised prior to patching.
 

ASD’s ACSC encourages Australian businesses, organisations and government entities:

  • Follow Fortinet’s published advice relating to this activity.
  • Upgrade to the latest versions of affected products.
  • Review configuration of all affected products for potential modification and compromise.
  • Monitor and investigate for suspicious activity in connected environments.
  • Further information can be found at Fortinet’s advisory page Analysis of Threat Actor Activity | Fortinet Blog

For more information, please read the Australian Cyber Security Centre’s alert: Exploitation of existing Fortinet Vulnerabilities | Cyber.gov.au

Latest alerts critical vulnerability

 Posted on 08 April 2025

Critical alert from the Australian Signals Directorate's Australian Cyber Security Centre (ASD's ACSC)

Type:  

The ASD's ACSC has published a critical alert regarding vulnerabilities affecting Pulse/Ivanti Connect Secure, Policy Secure and Neurons for ZTA gateways (CVE-2025-22457).

Ivanti has released information regarding a critical unauthenticated buffer overflow vulnerability in Ivanti Connect Secure, Policy Secure and Neurons for ZTA gateways (CVE-2025-22457).

Ivanti has observed active exploitation associated with this vulnerability.

Affected products include:

  • Pulse Connect Secure 9.1.X 
  • Ivanti Connect Secure (version 22.7R2.5 and earlier)
  • Ivanti Policy Secure
  • Neurons for ZTA gateways

Pulse Connect Secure 9.1X is end of support as of 31 December 2024.
 

ASD’s ACSC encourages Australian businesses, organisations and government entities:

  • Follow Ivanti’s Security Advice for affected products.
  • Ensure affected products are updated to patched versions that address this vulnerability.
  • Ensure affected devices are configured in line with Ivaniti’s guidance to mitigate exploitation. 
  • Investigate for potential compromise of these products. 
  • Monitor and investigate for suspicious activity in connected environments.

For more information, please read the Australian Cyber Security Centre’s alert: Critical vulnerability in Pulse/Ivanti Connect Secure, Policy Secure and Neurons for ZTA gateways (CVE-2025-22457) | Cyber.gov.au

View older alerts 

Important information

App Store is a service mark of Apple Inc. Google Play and the Google Play logo are trademarks of Google LLC

Top