It looks identical to your bank's online portal. But don't be fooled. An SMS phishing scam is catching victims by directing them to fake websites that look identical to those of real Australian banks, and then capturing their private banking login details. We have some tips on how to deal with this kind of scam.
Image: A scam ANZ Internet Banking web page looks identical to the real thing.
Potential victims are sent a short text message containing a link that appears to be from a genuine banking institution but instead redirects to the fake website.
A sample image provided by Australia's communications watchdog shows just how sophisticated the scam is. It's almost impossible to tell the real ANZ Internet Banking mobile page apart from the scam one. The only difference is the URL, but even this could be easily overlooked or mistaken for a genuine website by unsuspecting victims.
It has two fields which ask for a Customer Registration Number and a Password, with a Log on button below.
The Australian Communications and Media Authority has listed dozens of fake URLs, many of which are similar to those of genuine online banking sites but with added words or letters such as "mobile", "m" or "mobi".
The authority issued an alert on Wednesday for "all mobile phone users" in both Australia and New Zealand.
The banks that are known to have been targeted in the scam are ANZ, Bank of Queensland, Bendigo, GE Money, Heritage, Macquarie, National Australia Bank, St George and Suncorp. The ACMA said the scammers were progressively targeting different banks.
"It appears that the criminals behind this campaign are constantly refining their messages and the associated fake imitation banking websites to increase their chance of success," it said. The watchdog became aware of the scam after numerous victims reported it via the ACMA's SMS spam reporting number. Anyone who thinks they have been sent a scam text message can notify the ACMA on 0429 999 888.
Customers who are concerned they may have clicked on a spam link or entered their login credentials at a fake site are advised to contact their bank immediately. Victims are also encouraged to report incidents via the federal government's Australian Cybercrime Online Reporting Network.
Useful tips to help stay protected
To help minimise your chances of being duped by these and other phishing campaigns, we recommend that you:
- Don't open SMS or emails from unknown or suspicious sources
- Never follow hyperlinks contained in these messages
- Always carefully check the authenticity of a website that requests your user credentials
- Never reuse the same login credentials on any web service
- Where available, use two-factor authentication on your accounts.
We encourage all Australian consumers to forward any suspicious or spam-related SMS messages to our hotline on 0429 999 888.
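For readers who filter or triage reported messages, the URL pattern described above (a bank's name with "mobile", "m" or "mobi" added) can be checked automatically. The sketch below is an added example, not part of the original article or the ACMA alert. The allow-list hosts are constructed placeholders on the reserved .example domain, and the function names are hypothetical.

```python
import re
from urllib.parse import urlsplit

# Assumption: the defender maintains this allow-list. Hosts are constructed
# placeholders on the reserved .example TLD, not the banks' real domains.
OFFICIAL = {"anz": "anz.example", "suncorp": "suncorp.example"}
AFFIXES = ("mobile", "mobi", "m")  # additions named in the ACMA alert
URL_RE = re.compile(r"(?:https?://)?(?:[a-z0-9-]+\.)+[a-z]{2,}\S*", re.I)


def label_matches(label, brand):
    """True if the label is the brand, alone or with one affix attached."""
    if label == brand:
        return True
    return any(label in (brand + a, a + brand) for a in AFFIXES)


def classify_host(host):
    """Return (verdict, brand) for one hostname."""
    host = host.lower().rstrip(".")
    for brand, official in OFFICIAL.items():
        # Exact match or true subdomain only; a shared prefix is not enough.
        if host == official or host.endswith("." + official):
            return "official", brand
    labels = re.split(r"[.-]", host)
    for brand in OFFICIAL:
        if any(label_matches(part, brand) for part in labels):
            return "lookalike", brand
    return "unrelated", None


def triage_sms(text):
    """Extract every link from an SMS body and classify its real host."""
    results = []
    for match in URL_RE.finditer(text):
        url = match.group(0).rstrip(".,;:!?)")
        if "://" not in url:
            url = "http://" + url  # urlsplit needs a scheme to find the host
        host = urlsplit(url).hostname  # ignores any user@ part and the port
        if host:
            results.append((host, *classify_host(host)))
    return results


# Constructed sample messages, not taken from the alert.
SAMPLES = [
    "ANZ: your account is locked. Verify at http://anz-mobile.example/logon",
    "Suncorp alert, confirm details: suncorpmobi.example/secure.",
    "ANZ: view your statement at https://m.anz.example/statements",
]
if __name__ == "__main__":
    for sms in SAMPLES:
        print(triage_sms(sms))
```

A host that merely starts with the official name, such as `anz.example.login.test`, is still reported as a lookalike, because only an exact match or a true subdomain of the allow-listed host counts as official.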
This article originally appeared on The Sydney Morning Herald