Tuesday, March 20, 2012

Alert: ANZ Sign-In Protection Alert

I received the following message and felt the techniques used by the scammer were interesting and hoped that no one is tricked by this type of email anymore.

An attempt to access ANZ Online Banking was denied on Tuesday, 20 March 2012, 10:07:48 EDT.

If you do not remember trying to access Online Banking on the above date and time, please select
That was NOT me.

You will then be prompted to safeguards your account.
2012 ANZ Bank Limited.

What I thought was interesting was the logic of tricking people into saying it wasn’t them, rather than the direct approach of getting them to go to their account. I thought that was an interesting social engineering technique.

The second technique was the time involved. This was within a couple of hours of the actual time which potentially lends credibility to the information provided.

It is a very obvious scam email. Straight text which I don’t think any large corporate would use. The link is to a Netherlands domain which has nothing to do with ANZ Australia, however the email originated from Bulgaria.

My approach to banking email is that I don’t provide my bank with my email details where I can, except for the one where I had to, and I asked that they don’t send me any emails. That way all emails from banking institutions to me are scams. My approach is very low tech and I’d suggest it to others who are concerned about scammers. I see almost no reason for my banks to have or use my email address, except for marketing, which I don’t want, so why provide them with details they don’t need.

I am amazed in this day and age how all of us are approached multiple times a day with scams. Certainly different for years ago when the internet didn’t exist.

Kelvin Eldridge

No comments:

Post a Comment

Note: only a member of this blog may post a comment.