Buying your next home?
See our home loan tools, articles and resources to help you explore your home loan options. We'll help you get to a good place.
Buying your next home?
See our home loan tools, articles and resources to help you explore your home loan options. We'll help you get to a good place.
Fraud protection.
Now it’s personal.
ANZ Falcon® technology monitors millions of transactions every day to help keep you safe from fraud.
Falcon® is a registered trademark of Fair Isaac Corporation.
Get up to speed with cyber threats, scams and other important online risks that occurred over the last year.
For more recent security alerts from the last two months, please see our latest scams, fraud and security alerts.
Posted on 25 September 2024
Type:
The ASD's ACSC has sent a critical alert relevant to Australian organisations who are running or administering instances of Ivanti CSA 4.6 (Cloud Services Appliance).
Customers are encouraged to apply available mitigations and patches as soon as possible.
Organisations that use Ivanti CSA 4.6 (Cloud Services Appliance) should follow the mitigations advice provided in the Ivanti Security Advisory.
Ivanti advise that CSA 4.6 is End of Life and strongly recommends that their customers upgrade to CSA 5.0.
Organisations or individuals that have been impacted or require assistance can contact the ACSC via 1300 CYBER1 (1300 292 371).
For more information, please read the Australian Cyber Security Centre’s alert: Critical vulnerability in Ivanti CSA 4.6 (Cloud Services Appliance)
Posted on 20 September 2024
Type:
Unfortunately, we are still seeing instances of bank impersonation scams, and urge customers to be cautious of SMS messages or phone calls claiming to be from ANZ. Bank impersonation scams occur when a scammer makes direct contact with you suggesting that they’ve identified a problem and that they’re trying to assist you. Be cautious of SMS messages or phone calls, claiming to be from ANZ. The scammer may ask you to provide your sensitive personal and/or banking information, transfer money, open another account, click on a link, or download software.
Remember, ANZ will never ask you to:
Impersonation scams impersonate not only banks, but government agencies, organisations and even friends or family members. Here are some tips to help you protect yourself:
For more information about bank impersonation scams, visit ANZ Security hub – types of scams – bank impersonation scams.
If you suspect fraud on your account or have shared financial information or transferred money as a result of this scam, please contact us straightaway. Our Customer Protection Team is available 24/7 to help you.
You can also report scams to the Australian Government’s Scamwatch and the Australian Cyber Security Centre’s ReportCyber.
Type:
The ASD's ACSC has sent a critical alert regarding the vulnerabilities impacting Veeam Backup & Replication software.
There is significant exposure to the Veeam Backup & Replication vulnerabilities in Australia, and any future exploitation could have a significant impact on Australian systems and networks.
Australian organisations should review their networks for use of vulnerable instances of Veeam and implement the following mitigation advice.
A patch for vulnerabilities is available. Refer to the Veeam security advisory for further information on mitigation advice. The ACSC strongly recommends that affected Australian organisations patch this vulnerability as a matter of high priority.
Organisations or individuals that have been impacted or require assistance can contact the ACSC via 1300 CYBER1 (1300 292 371).
For more information, visit the Veeam Security Bulletin.
Type:
The ACSC has published a high alert regarding vulnerabilities affecting CVE-2023-46085 and CVE-2024-21887 applications (This vulnerability impacts all supported versions ICS (9.x, 22.x) and IPS).
According to the ACSC, the vulnerability can result in deploying the destructive WhisperGate malware, for the purposes of espionage, sabotage, and reputational harm.
The ACSC encourages Australian organisations/businesses to:
For more information, please read the Australian Cyber Security Centre’s webpage.
Posted on 30 August 2024
Type:
The ASD's ACSC has published a medium alert regarding email scammers impersonating the ASD's ACSC by sending out phishing emails to the public with the email content suggesting to download a malicious antivirus program.
The cybercriminals are emailing from spoofed email accounts utilising ASD’s ACSC’s logo, with the subject and contents of the email varying. These emails suggest that an increase in cyber threats requires the recipient to download ‘Antivirus’ software through a malicious link to stay safe. If clicked on, there is potential that malicious software could be downloaded and installed to the individual’s computer.
ASD’s ACSC encourages Australians to not click on links within the email, report it and block the sender. If you have clicked the link, require assistance, or if you’re not sure it’s a real email from ASD’s ACSC you can contact the ASD's ACSC via 1300 CYBER1 (1300 292 371).
For more information, please read the Australian Cyber Security Centre’s alert - Email scammers impersonating the ASD's ACSC.
Type:
ANZ is aware of a global incident affecting some CrowdStrike and Microsoft services and we are monitoring the situation closely. There is no impact to ANZ's services and systems at this point in time.
Scammers are using this global incident to their advantage and we’re warning customers and businesses to be cautious of unsolicited calls, emails or messages requesting they download a software patch or provide remote access to fix or protect their computer from the CrowdStrike/Microsoft outage.
Downloading unsolicited software can give scammers access to your computer, including your bank accounts.
Customers and businesses should also be on alert to unsolicited requests from individuals claiming to be from their financial institutions or other businesses requesting they update or verify their personal or financial information due to the CrowdStrike/Microsoft outage.
If you suspect fraud on your account or have shared financial information or transferred money as a result of this scam, please contact us straightaway. Our Customer Protection Team is available 24/7 to help you.
You can also report scams to the Australian Government’s Scamwatch and the Australian Cyber Security Centre’s ReportCyber.
Type:
ASD’s ACSC have published a critical alert regarding a CrowdStrike software update has led to worldwide outages impacting Windows systems on Friday 19 July 2024.
ASD’s ACSC strongly encourages all consumers to source their technical information and updates from official CrowdStrike sources only.
ASD’s ACSC is monitoring the situation and is able to provide assistance and advice as required. Organisations or individuals that have been impacted or require assistance can contact us via 1300 CYBER1 (1300 292 371).
For more information, please read the Australian Cyber Security Centre alert - Widespread outages relating to CrowdStrike software update
Posted on 19 July 2024
Type:
Whenever possible, try using different usernames and passwords/passphrases across multiple online platforms and websites. In the event of a data breach, your login details for these platforms or websites may get compromised and can be used in a cyberattack known as credential stuffing.
In a credential stuffing attack, the cybercriminal will use previously stolen usernames and passwords from one platform or website and use them on other platforms or websites in the hope that users are re-using them – to get unauthorised access to their user accounts.
This may lead to fraudulent transactions being made using the payment information saved in the user accounts on these platforms and websites.
Attacks of this nature are becoming more prevalent. To help safeguard your money and your information, we want to remind you of the following tips:
If you suspect fraud on your account, please contact us straightaway. Our Customer Protection Team is available 24/7 to help you.
You can also report scams to the Australian Government’s Scamwatch and the Australian Cyber Security Centre’s ReportCyber.
Posted on 05 July 2024
Type:
Whenever you browse the internet, be cautious of fraudulent pop-ups.
Pop-ups are windows or banners that automatically appear on a website and usually contain either advertising, notifications, or alerts. Often scammers use fraudulent pop-ups with warning messages to trick people into downloading software, click on links, or provide personal information. These fraudulent pop-ups are designed to create a sense of panic and may lead to personal data theft, financial loss, and broader security breaches within networks.
If you suspect fraud on your account or have shared financial information or transferred money as a result of this scam, please contact us straightaway. Our Customer Protection Team is available 24/7 to help you.
You can also report scams to the Australian Government’s Scamwatch and the Australian Cyber Security Centre’s ReportCyber.
Posted on 12 June 2024
Type:
We have been made aware of an increase in bank impersonation scams. Be cautious of SMS messages or phone calls, claiming to be from ANZ. They may ask you to transfer money, open another account, provide your sensitive banking details or download software.
Remember, we will never ask you to:
Impersonation scams impersonate not only banks, but government agencies, organisations and even friends or family members. Here are some tips to help you protect yourself:
For more information about bank impersonation scams, visit ANZ Security hub – types of scams – bank impersonation scams.
If you suspect fraud on your account or have shared financial information or transferred money as a result of this scam, please contact us straightaway. Our Customer Protection Team is available 24/7 to help you.
You can also report scams to the Australian Government’s Scamwatch and the Australian Cyber Security Centre’s ReportCyber.
Type:
Individuals should be aware of increased scam activity as sophisticated cyber criminals take advantage of the busy tax period. During this busy time, scammers may use sophisticated tactics to try and catch you off guard. There are various types of scams, and the intent is clear - they want to steal your money or personal information.
Cyber criminals attempt to take advantage of this time of year with tax-related impersonation scams, namely those appearing to originate from the Australian Tax Office (ATO) or other government services such as myGov.
Scammers may impersonate the ATO or myGov and threaten individuals and businesses with tax debt or offer rebates.
Individuals should stay alert to phishing, smishing (SMS phishing) and vishing (phone call phishing) scams. Always verify that requests are authentic before clicking on links, opening attachments or following instructions, particularly when it comes to your finances or personal information.
Otherwise, if you are unsure about the authenticity of a call or message, contact the ATO or applicable government service to verify.
Top tips to help protect yourself during tax time:
If you receive one of these messages, do NOT click on the link, and delete the message immediately.
If you’ve received and responded to a message that you now believe is a scam, have shared your ANZ banking details, or you’re concerned your personal details have been compromised, please contact us straightaway
You can also report scams at Scamwatch.
For more information on how to protect yourself online, please visit the ANZ Security hub.
Posted on 05 June 2024
Type:
The ASD's ACSC has published a high alert regarding increased cyber threat activity affecting Snowflake customer environments.
The ASD’s ACSC is aware of successful compromises of several companies utilising Snowflake environments.
ASD’s ACSC encourages Australian organisations who utilise Snowflake to reset credentials for active accounts, disable non-active accounts, enable Multi-Factor Authentication (MFA) and review user activity.
Snowflake has also published an advisory to assist in identifying instances of unauthorised access.
For more information, please read the Australian Cyber Security Centre’s alert, Increased cyber threat activity targeting Snowflake customers.
Posted on 05 June 2024
Type:
The ASD's ACSC has published a high alert regarding a vulnerability in Check Point’s Quantum Security Gateway devices that enables access of sensitive information to an unauthorised actor.
The ASD’s ACSC is aware of active exploitation of vulnerable instances.
ASD’s ACSC encourages Australian organisations to review their networks for use of vulnerable instances of Check Point’s Quantum Security Gateway and implement the mitigation advice provided by the vendor.
A hotfix for the vulnerability is available, and the ASD’s ACSC strongly recommends that affected Australian organisations patch this vulnerability as a matter of high priority.
For more information, please read the Australian Cyber Security Centre’s alert, CVE-2024-24919 - Check Point Security Gateway Information Disclosure.
Posted on 30 May 2024
Type:
We are aware of a new scam targeting customers of loyalty programs of large, well-known Australian companies (including but not limited to airlines, telecommunications and retail companies).
The scam is delivered to customers through a text message or email stating their loyalty points are expiring. This correspondence includes a link to a fake website, which prompts customers to login. Customers may also be asked to provide credit card details to use loyalty points.
If the customer follows the instructions as per the email or text, scammers will steal their points, login details and/or personal information to use on other platforms and commit identity fraud.
Tips to protect yourself from loyalty points scams:
For more information about this scam, visit Scamwatch.
If you’ve received and responded to a message that you now believe is a scam, have shared your ANZ banking details, or you’re concerned your personal details have been compromised, please contact us straightaway
You can also report scams at Scamwatch.
For more information on how to protect yourself online, please visit the ANZ Security hub.
Posted on 30 May 2024
Type:
Scammers may pose as online product comparison companies, financial firms, or create fake term deposit advertisements with better interest rates.
These fake advertisements can be difficult to spot.
If you share personal information on these fake websites and advertisements, a scammer might contact you, claiming to work for the promoting company and offer to open an account in your name. If you agree, you’ll be given fraudulent account details, and any money you transfer to this account will end up with the scammer.
If you suspect fraud on your account or have shared financial information or transferred money as a result of this scam, please contact us straightaway. Our Customer Protection Team is available 24/7 to help you.
You can also report scams to the Australian Government’s Scamwatch and the Australian Cyber Security Centre’s ReportCyber.
Posted on 30 May 2024
Type:
We are aware of a new scam involving the collection of physical credit/debit cards. The scam may originate as a phone call, claiming to be your Telco, IT support, or an online payment provider regarding your device being compromised.
The scammer may request you to download remote access software (such as Anydesk or TeamViewer) to ‘clean’ your device. This software enables the collection of your personal information, screensharing and monitoring of your online activity.
The scammer calls again asking if you have received a call in the last few days requesting you to download remote access software, and that you have likely been hacked.
The scammer may then attempt to convince you to hand over your physical card(s) by claiming that your existing card is compromised and needs to be replaced. They might arrange to collect your physical card(s) from your home by a courier or bank representative.
If you suspect fraud on your account or have shared financial information or transferred money as a result of this scam, please contact us straightaway. Our Customer Protection Team is available 24/7 to help you.
You can also report scams to the Australian Government’s Scamwatch and the Australian Cyber Security Centre’s ReportCyber.
Type:
You may receive a call claiming to be from ANZ asking you to authorise a transaction on your account. The call is commonly delivered as a recorded message (asking you to press 1 to proceed), however, it may also be someone cold calling you posing as an ANZ officer. We have also received reports of this scam being delivered via SMS with a number to call to “confirm” the transaction.
If you respond to the recorded message or contact the number provided in the SMS, you might speak with a scammer who will attempt to trick you into following instructions (e.g. transferring money to a “safe” account) with the objective of stealing your money or personal details.
ANZ will never ask you to share sensitive banking details (like your password, PINs, ANZ Shield code or one-time passcode (OTP) for payment in an email or SMS), click a link to log in to your account, grant remote access to your computer or device or transfer money to another account.
If you suspect fraud on your account or have shared financial information or transferred money as a result of this scam, please contact us straightaway. Our Customer Protection Team is available 24/7 to help you.
You can also report scams to the Australian Government’s Scamwatch and the Australian Cyber Security Centre’s ReportCyber.
Type:
The ASD's ACSC has published a critical alert regarding vulnerabilities affecting Palo Alto’s PAN-OS 10.2, PAN-OS 11.0, and PAN-OS 11.1 firewalls.
According to the ASD’s ACSC, the vulnerability can result in an unauthenticated attacker executing arbitrary code with root privileges on the firewall.
The ASD’s ACSC has stated that Australian organisations who have a Palo Alto Threat Prevention subscription can block attacks for this vulnerability by enabling Threat ID 95187.
For more information, please read the Australian Cyber Security Centre’s alert, OS Command Injection Vulnerability in GlobalProtect Gateway.
Type:
Messages appear to come from well-known companies and organisations such as the Australian Taxation Office (ATO) asking you for payment and with a link to proceed. The link typically directs you to a legitimate looking website to capture your card or banking details, often including the PIN or one-time passcode (OTP). The information you populate on these websites may be used to steal your money.
If you suspect fraud on your ANZ account or have shared financial information or transferred money, please contact us straightaway. You can also make a report to ReportCyber and Scamwatch.
Type:
The ASD's ACSC has published a critical alert regarding vulnerabilities affecting Fortinet’s FortiClientEMS 7.2 to 7.2.2 and FortiClientEMS 7.0 to 7.0.10.
According to the ASD’s ACSC, CVE-2023-48788 can result in remote code execution by an unauthenticated threat actor to execute unauthorised code or commands via a specifically crafted request.
ASD’s ACSC encourages Australian organisations to review their networks for use of vulnerable instances of the FortiClientEMS and apply patches available from Fortinet.
For more information, please read the Australian Cyber Security Centre’s alert, Critical vulnerabilities affecting Fortinet’s FortiClient EMS
Type:
ANZ understands that Tangerine Telecom is investigating a cyber-attack, resulting in the unauthorised access of its customers’ information.
Tangerine Telecom have advised via a media release that the information exposed may include personal information of their current and past customers.
Please visit Tangerine Telecom for further information.
Please refer to our dedicated Data Breach Customer Support page where you’ll find useful information and resources.
Type:
Applicable to individuals and IT teams of organisations and government who use Microsoft Office Outlook products.
The ASD's ACSC has published a critical alert regarding a vulnerability that exploits the Outlook preview pane as an attack vector, enabling malicious code execution in edit mode rather than the restricted protected view.
This vulnerability affects customers running the following Microsoft products:
Microsoft Office 2016
Microsoft Office LTSC 2021
Microsoft 365 Apps for Enterprise
Microsoft Office 2019
For more information, please read the Australian Cyber Security Centre’s alert, Microsoft Office Outlook Remote Code Execution Vulnerability.
Type:
In recent weeks, there have been numerous reports of data breaches in Australia and around the globe – all of which can lead to credential stuffing.
In a credential stuffing attack, the cybercriminal will use previously stolen usernames and passwords from one website and use them on other websites in the hope that users are re-using them – to get unauthorised access to their user accounts.
This may lead to fraudulent transactions being made using the payment information saved in the user accounts on these websites.
Attacks of this nature are becoming more prevalent. To help safeguard your money and your information, we want to remind you of the following tips:
Use a different password/passphrase for different accounts
Use multi-factor authentication (MFA) on all accounts, wherever possible.
Change your password/passphrase immediately, if impacted by a data breach.
If you suspect fraud on your account or have shared financial information or transferred money as a result of this scam, please contact us straightaway. Our Customer Protection Team is available 24/7 to help you.
You can also report scams to the Australian Government’s Scamwatch and the Australian Cyber Security Centre’s ReportCyber.
Type:
ANZ is aware of a new scam on the rise involving “accidental deposits” on business customer accounts.
The scam begins with an unexpected payment being received in a customer’s account. The cybercriminal then contacts the customer stating that they’ve made an accidental deposit to the customer’s account, and requesting that they transfer the money back. The account the cybercriminal directs the customer to pay the “accidental deposit” is their own account.
Variations of this scam may involve a false call from the “bank” requesting funds to be transferred back into the sender’s account.
Please note, ANZ will never ask you to transfer funds to another account.
If someone pays you unexpectedly and requests the payment to be returned, ask them to reach out to their bank to initiate a recall instead. Do not send the money back yourself.
Always be wary of unexpected emails and messages as this may lead you to divulge your banking details - never click on links or download attachments from unexpected messages or emails.
If you suspect fraud on your account or have shared financial information or transferred money as a result of this scam, please contact us straightaway. Our Customer Protection Team is available 24/7 to help you.
You can also report scams to the Australian Government’s Scamwatch and the Australian Cyber Security Centre’s ReportCyber.
Posted on 31 January 2024
Type:
We have observed another variation of the "Live Chat” bank impersonation scam whereby customers are asked to click on a link, via SMS or email to receive security assistance on their accounts.
This link leads to a fake ANZ website with a button to "Open live chat on Windows". The website may look very convincing. If the customer clicks on the button, software will be downloaded on the customer's device providing the scammer remote access to the device.
The scammer (impersonating an ANZ employee), may ask the victim to log into their online banking account, allowing the scammer to capture the customer's login credentials. The scammer may also take over the session and perform transactions or ask the customer to transfer their money into a "safe" account.
Please note, ANZ does not currently have a "live chat" feature.
Remember, ANZ will never ask you to:
Important reminder: Never provide sensitive banking details or access to anyone, even if they claim to work for ANZ.
If you’ve transferred money or shared your ANZ banking details in response to what you believe may be a scam, please contact ANZ immediately.
You can also report scams to Scamwatch. For more information on how to protect yourself online, please visit the ANZ Security Centre.
Posted on 29 January 2024
Type:
Applicable to businesses that are running or administering instances of Ivanti Connect Secure (ICS) and Ivanti Policy Secure (IPS).
The ASD's ACSC has published a high alert regarding vulnerabilities in the Ivanti Connect Secure and Ivanti Policy Secure gateways. These vulnerabilities impact all supported versions – Version 9.x and 22.x.
ASD’s ACSC encourages impacted Australian organisations to apply any available mitigations and patches as soon as possible.
For more information, please read the Australian Cyber Security Centre’s alert, Critical vulnerabilities in Ivanti Connect Secure (ICS) and Ivanti Policy Secure (IPS).
Posted on 29 January 2024
Type:
The NASC urges Australians looking to earn extra money through online ‘side hustles’ to be careful of scammers. This warning comes after reported losses to Scamwatch for jobs and employment scams almost tripled in 2023 (from $8.7m in 2022 to $24.7m in 2023).
According to the Australian Competition and Consumer Commission (ACCC) Deputy Chair Catriona Lowe , “Scammers are targeting people looking for online work in their spare time, promising them guaranteed income from jobs that include boosting the ratings of products and services through an online platform. In some cases, the jobs are as simple as liking posts on social media such as TikTok videos.” These scammers typically pretend to be from well-known retailers, department stores or pose as social media marketing agencies.
The victims often report that they responded to an advertisement on social media about a job opportunity. The scammer will then contact the victim directly via encrypted messaging apps such as WhatsApp. “The scam operates similar to an online game, with victims reporting that they are pressured to make an initial investment of their own money, along with ongoing payments in order to ‘level up’ and receive a higher income which they never receive,” Ms Lowe said.
For more information, please read the ACCC media release, Looking to earn extra cash? Don’t lose money to a side hustle scam.
Posted on 19 January 2024
Type:
Applicable to businesses using Atlassian Confluence Data Center and Confluence Server.
The ASD's ACSC has published a critical alert regarding a remote code execution (RCE) vulnerability in Atlassian Confluence Data Center and Confluence Server.
ASD’s ACSC encourages Australian organisations to review their networks for use of vulnerable instances of Atlassian Confluence Data Center and Confluence Server, and consult Atlassian’s customer advisory for mitigation advice.
For more information, please read the Australian Cyber Security Centre’s alert, Remote Code Execution Vulnerability In Confluence Data Center and Confluence Server.
Posted on 19 January 2024
Type:
ANZ is aware of a cyber security incident, known as, credential stuffing, affecting major brands in Australia, including but not limited to Dan Murphy’s, Event Cinemas, Binge, The Iconic, Guzman y Gomez, and TVSN.
According to the Australian Cyber Security Centre (ACSC), credential stuffing is a type of hack in which cyber criminals use previously stolen passwords from one website and try to use them elsewhere – targeting those who reuse their passwords on multiple websites. This may lead to fraudulent transactions being made using the payment information saved in the user accounts on these websites.
Here are some tips to help you protect yourself online:
If you’ve received and responded to a message that you now believe is a scam, and have transferred money, shared your ANZ banking details and/or account credentials, contact ANZ immediately.
You can also report scams at Scamwatch.
For more information on how to protect yourself online, please visit the ANZ Security Centre.
Posted on 18 January 2024
Type:
Many Australians have recently been targeted by scams involving digital wallets.
Digital wallets enable eligible credit and debit card holders to store their card information on a device such as mobile phone, or wearable device such as a Fitbit. This enables the card holder to make transactions without the need to carry the physical card.
Whilst digital wallets are safe, it is important to consider that scammers may try to link your credit or debit card to their own device and make unauthorised purchases.
Digital wallet scams usually start with SMS messages that appear to come from well-known companies, for example Netflix, Linkt or the Australian Taxation Office (ATO). The messages suggest that your recent payment has failed, or that you are owed a refund, and your card details are required to be entered via a link. The link directs you to a legitimate looking website that is designed to maliciously capture your card details, often including the PIN. These details are used by the scammer to register the card information to a digital wallet on their device.
To complete the digital wallet registration, a verification code is sent to you by SMS. If the scammer obtains this verification code, they will be able to link your credit or debit card to their own device and make purchases with your card.
The scammer may wait several months before attempting to link your credit or debit card information to their device. When they do, they might impersonate a bank officer and convince you to divulge the verification code.
If you’ve received and responded to a message that you now believe is a scam, and have transferred money, shared your ANZ banking details and/or account credentials, contact ANZ immediately.
You can also report scams at Scamwatch.
For more information on how to protect yourself online, please visit the ANZ Security Centre.
Posted on 18 January 2024
Type:
Applicable to users of GitLab on any platform
The ASD's ACSC has published a critical alert regarding vulnerabilities affecting Gitlab Community Edition (CE) and Enterprise Edition (EE). The most severe vulnerability allows an account take over via the ability to have password reset emails delivered to an unauthenticated email address.
ASD’s ACSC encourages customers to patch to the latest version using the GitLab upgrade path and to enforce multi-factor authentication for all GitLab accounts.
For more information, please read the Australian Cyber Security Centre’s alert, Critical vulnerabilities in GitLab Products.
Posted on 17 January 2024
Type:
We are aware of a sophisticated scam that has been designed to steal banking information from individuals.
The scam begins with an SMS that claims to be from myGov or the Australian Tax Office (ATO). The SMS prompts the user to click on a link where they will be taken to a fake web page claiming the individual is entitled to an additional refund on their tax return and the individual must verify their bank details to receive it.
On this page, the individual will see a list of financial institutions to choose from. Once a selection has been made, they will be redirected to a fake internet banking login page which will capture the individual’s banking details.
The ATO states that they will never send you a text message asking you to click on a link to give personal information.
If you suspect fraud on your account or have shared financial information or transferred money as a result of this scam, please contact us straightaway. Our Customer Protection Team is available 24/7 to help you.
You can also report scams to the Australian Government’s Scamwatch and the Australian Cyber Security Centre’s ReportCyber.
Posted on 14 December 2023
Type:
We have been made aware of an email impersonating ANZ asking recipients to click a link and respond to security questions for account verification. The fake email claims that the recipients account is under “review” and their profile will be locked unless they click the link and answer some “challenge questions” to “verify access”. The fake email also claims that access to online banking and the mobile banking app “will be disabled” unless the recipient follows the instructions in the email within “48 hours”. The website collecting responses from the link now has been taken down, but customers are still encouraged to be vigilant against such attempts which may access personal and/or financial information.
Impersonation scams impersonate not only banks, but government agencies, organisations and even friends or family members. Here are some tips to help you protect yourself:
If you have received and responded to a message that you now believe is a scam, have shared your banking details, or you are concerned your personal details have been compromised, contact ANZ immediately.
You can also report scams to Scamwatch. For more information on how to protect yourself online, please visit the ANZ Security Centre.
Posted on 12 December 2023
Type:
We are aware of a scam targeting online hotel and accommodation booking platforms users. Fake emails seemingly from the booking platform urgently asks users for payment authorisation to avoid cancellation of their booking. Another variation of this scam is notifying users that their payment was declined, and it needs to be resolved immediately.
These phishing emails contain guest and reservation details making them look legitimate and have links that users are urged to click on to process their payment and retain their reservation.
Scammers also set up official looking fake hotel and travel websites with prices that are too good to resist in order to lure unsuspecting victims.
Prevent falling for this scam by contacting the booking platform or hotel directly through verified contact details instead of the provided links in the emails and double check the sender’s address. Keep track of your finances and if there are unauthorised or duplicate charges, call your bank immediately.
For more information visit Security Centre at anz.com or Stay Cyber Safe.
Posted on 11 December 2023
Type:
Applicable to all businesses using Atlassian products including Confluence, Jira and Bitbucket
The ASD's ACSC has published a high alert regarding serious vulnerabilities in Atlassian products including Confluence, Jira and Bitbucket. It is noted that previous critical vulnerabilities in these products have been significantly exploited by cyber criminals.
ASD’s ACSC recommends that if you operate Confluence, Jira or Bitbucket, that you review the vendor advisories to determine if you are affected. Affected organisations are advised to act now to secure their systems by applying all vendor recommended mitigations.
For more information, please read the Australian Cyber Security Centre’s alert, Serious vulnerabilities in Atlassian products including Confluence, Jira and Bitbucket.
Posted on 27 November 2023
Type:
Applicable to all businesses using Citrix NetSCaler ADC and NetScaler Gateway
The ASD's ACSC has published a critical alert regarding vulnerabilities in Citrix NetScaler ADC and NetScaler Gateway that may be in use on Australian networks.
ASD’s ACSC is aware that there have been successful exploitation attempts against Australian organisations and recommended that affected entities review the available mitigations and apply where possible as a matter of high priority.
The ASD’s ACSC has assessed that there is significant exposure to these Citrix NetScaler ADC and NetScaler Gateway vulnerabilities in Australia and that any future exploitation of these vulnerabilities would have a significant impact to Australian systems and networks. ASD’s ACSC advises that Australian organisations should review their networks for use of vulnerable instances of Citrix NetScaler ADC and NetScaler Gateway. The ASD’s ACSC has strongly urged affected organisations to install the relevant updated versions of Citrix NetScaler ADC and NetScaler Gateway as soon as possible.
For more information, please read the Australian Cyber Security Centre’s alert, Citrix Products NetScaler ADC and NetScaler Gateway Vulnerabilities.
Posted on 8 November 2023
Type:
The Home Affairs and Cyber Security Minister, Clare O’Neil has urged businesses to immediately address software vulnerabilities and conduct patch management to help prevent cyberattacks. (Australian Financial Review, 2023)
Businesses should ensure that software bugs are regularly patched and upgraded, for systems to function properly and securely.
Patches are updates that address specific software vulnerabilities. Cyber criminals can exploit these vulnerabilities when left unmanaged, leading to cyberattacks. Regular patching and updates can protect against cyber threats, but can also improve the performance of the system, thus keeping business operations running smoothly.
For more information, visit the Australian Cyber Security Centre and search for Alerts and Advisories.
Posted on 8 November 2023
Type:
We’re aware of an impersonation scam taking advantage of the Optus network outage on 8 November 2023.
If you think you’ve received an unusual message or call – or if you’d like to report fraud, please contact us straightaway. Our Customer Protection Team is available 24/7 to help you. .
Posted on 08 November 2023
Type:
Fake product comparison websites created by scammers are being used to dupe people who are searching online for financial products like term deposits.
Scammers pose as online product comparison companies, promoting accounts with higher-than-average interest rates. If you share personal information on one of these sites, a scammer might contact you, claiming to work for the product comparison company and offering to open an account in your name. If you agree, you’ll be given bogus account details. Any money you transfer to this account will end up with the scammer.
If you think you’ve received an unusual message or call – or if you’d like to report fraud, please contact us straightaway. Our Customer Protection Team is available 24/7 to help you. You can also report scams to the Australian Government’s Scamwatch.
Posted on 19 October 2023
Type:
It has come to our attention that scammers posing as Chinese authorities are contacting young people studying and/or living in Australia to financially extort them using various threatening and intimidating tactics.
Targeted individuals are contacted through phone calls or messaging apps like Telegraph, WhatsApp, or WeChat. Mandarin-speaking scammers pose as Chinese authorities, police, staff from the Chinese Embassy or Consulate, or immigration officials. These scammers are falsely threatening criminal charges, extradition and/or deportation unless money is sent to those scammers.
In a variation of this scam, instead of directly asking the targeted individual for money, scammers will force victims to fake their own kidnapping and take photographs of themselves in vulnerable positions. This will then be used by the scammers to manipulate the victim’s family into paying a ransom.
If you’ve received and responded to a message that you now believe is a scam, and have transferred money or shared your ANZ banking details and/or account credentials, contact ANZ immediately.
You can also report scams to the Australian Government’s Scamwatch.
For more information on how to protect yourself online, please visit the ANZ Security Centre. Content is available in simplified and traditional Chinese via Scamwatch.
Posted on 08 September 2023
Type:
We are aware of an emerging scam targeting elderly Australians through fake websites or cold calls claiming to supply seniors discount card memberships.
According to the National Anti-Scam Centre (NASC), seniors may be targeted through a fake website that claims to be “officially approved” and offers to provide seniors discount card membership for a fee. In other instances, scammers are cold calling the elderly offering a fake seniors discount card and are asking for personal information over the phone. If personal information is subsequently provided to the scammer, they may use this information to commit identity fraud.
Please be aware that government bodies within Australia supply seniors card memberships for no cost, and therefore, seniors will never be asked to pay a membership or application fee.
Tips to help protect yourself or your loved ones:
If you’ve received and responded to a message that you now believe is a scam, have shared your ANZ banking details, or you’re concerned your personal details have been compromised, contact ANZ immediately.
You can also report scams to Scamwatch.
For more information on how to protect yourself online, please visit the ANZ Security Centre.
Posted on 24 August 2023
Type:
ANZ is aware of SMS phishing scams that impersonate toll road operators. These scams typically claim that an overdue toll notice is outstanding and needs to be settled immediately. Individuals may be threatened with late fees, severe penalties or negative impacts on credit scores for non-compliance. Scammers might claim that the individual’s vehicle may be (or has been) suspended.
To resolve the issue, the individual is prompted to follow a link to a fake website, designed to steal personal or financial details.
These SMS messages may come from a random number, or may be ‘spoofed’, appearing to originate from the legitimate toll road operator.
Remember:
If you’ve received and responded to a message that you now believe is a scam, and have transferred money, shared your ANZ banking details and/or account credentials, contact ANZ immediately.
You can also report scams at Scamwatch. For more information on how to protect yourself online, please visit the ANZ Security Centre.
Posted on 18 August 2023
Type:
Customers are advised that we’ve identified fake websites impersonating ANZ Transactive Global, with searches for ANZ Transactive being redirected to a fake site. The fake website’s log in page asks for a customer’s User ID, Password, Token or ANZ Digital Key, and mobile number to urgently update customer details through a series of verification pages, and ends with a message saying an ANZ representative will be calling them shortly. This information gives the fraudster enough details to be able to gain trust as an ANZ employee with the intention of committing fraud.
Fraudsters pay for ads to secure top search engine positions, exploiting users' trust and increasing the likelihood of successful scams.
Tips to help you bank securely:
If you’ve received and responded to a message that you now believe is a scam, and have transferred money, shared your ANZ banking details and/or account credentials, contact ANZ immediately.
You can also report scams at Scamwatch.
For more information on how to protect yourself online, please visit the ANZ Security Centre.
Posted on 10 August 2023
Type:
We are aware of scammers building relationships with people in order to build their trust and subsequently luring them into an investment scam. The scam starts with an unexpected message or request (including via email, social media platforms, messaging apps, etc.) from the scammer using a fake identity.
Once the scammer has built the individual’s trust, the scammer then manipulates the individual into believing they should quickly transfer money and/or provide personal and financial details to take advantage of a low-risk, high return investment. The scammer may offer to help the individual with their investments (by claiming to set up their accounts or trade on their behalf) or offer to teach the individual how to invest.
The scammer will typically disappear after the payment has been made or continue seeking opportunities to collect more money.
How to help protect yourself from Romance-Investment Scams:
You should make your own reasonable enquiries and check if a financial adviser is registered via the ASIC website and check ASIC’s list of companies you should not deal with. If the company that is asking for your investment is on the list – do not deal with them.
If you’ve received and responded to a message that you now believe is a scam, and have transferred money, shared your ANZ banking details and/or account credentials, contact ANZ immediately.
You can also report scams at Scamwatch.
For more information on how to protect yourself online, please visit the ANZ Security Centre.
Posted on 27 July 2023
Type:
New variation of the bank impersonation scam detected
We have observed a new variation of the bank impersonation scam where an SMS, appearing to be from ANZ, is sent to customers advising them to expect a call from ANZ relating to "transaction issues".
During the call, customers are prompted to click on a link, provided in another SMS, to assist in resolving these issues. This link leads to a fake ANZ website with a button to begin "ANZ Live Chat". This website may look very convincing. If the customer clicks on the button, software will be downloaded on the customer's device providing the scammer remote access to the device.
The scammer (still impersonating an ANZ employee), will ask the victim to log into their Internet Banking, allowing the scammer to capture the customer's login credentials. The scammer may also take over the session and perform transactions or ask the customer to transfer their money into a "safe" account.
Remember, ANZ will never ask you:
If you’ve received and responded to a message that you now believe is a scam, and have transferred money, shared your ANZ banking details and/or account credentials, contact ANZ immediately.
You can also report scams at Scamwatch.
For more information on how to protect yourself online, please visit the ANZ Security Centre.
Posted on 26 July 2023
Type:
We are aware of a new scam targeting customers of loyalty programs of large, well-known Australian companies (including but not limited to airlines, telecommunications and retail companies).
The scam is delivered to customers through a text message or email stating their loyalty points are expiring. This correspondence includes a link to a fake website, which prompts customers to login. Customers may also be asked to provide credit card details to use loyalty points.
If the customer follows the instructions as per the email or text, scammers will steal their points, login details and/or personal information to use on other platforms and commit identity fraud.
Tips to protect yourself from loyalty points scams:
For more information about this scam, visit Scamwatch.
If you’ve received and responded to a message that you now believe is a scam, and have transferred money, shared your ANZ banking details and/or account credentials, contact ANZ immediately.
You can also report scams at Scamwatch.
For more information on how to protect yourself online, please visit the ANZ Security Centre.
Posted on 21 July 2023
Type:
Individuals should be aware of increased scam activity as sophisticated cyber criminals take advantage of the busy tax period. During this busy time, scammers may use sophisticated tactics to try and catch you off guard. There are various types of scams, and the intent is clear - they want to steal your money or personal information.
Cyber criminals attempt to take advantage of this time of year with tax-related impersonation scams, namely those appearing to originate from the Australian Tax Office (ATO) or other government services such as myGov.
Scammers may impersonate the ATO or myGov and threaten individuals and businesses with tax debt or offer rebates.
Individuals should stay alert to phishing, smishing (SMS phishing) and vishing (phone call phishing) scams. Always verify that requests are authentic before clicking on links, opening attachments or following instructions, particularly when it comes to your finances or personal information.
Otherwise, if you are unsure about the authenticity of a call or message, contact the ATO or applicable government service to verify.
Top tips to help protect yourself during tax time:
If you receive one of these messages, do NOT click on the link, and delete the message immediately.
If you’ve received and responded to a message that you now believe is a scam, and have shared your banking details, account credentials, or you’re concerned your personal details have been compromised, contact ANZ immediately.
You can also report scams at Scamwatch.
For more information on how to protect yourself online, please visit the ANZ Security Centre.
Posted on 04 July 2023
Type:
Online sale and marketplace scams using PayID, cheque and other payment channels
We are aware of scammers targeting individuals who are selling items through online marketplace and selling platforms.
Examples include:
PayID scam
Common variations of the scam include the scammer offering to purchase the goods via a PayID associated with an email.
If agreed, the scammer then claims that either:
Having the seller's email, the scammer may also send a fake email appearing to originate from ‘PayID’ as ‘evidence’ of the payment, further pressuring the seller into ‘reimbursing’ them.
This is a scam, and the seller does not receive any money to their account.
PayPal scam
Similar to the PayID scam, the scammer poses as a buyer purchasing goods through PayPal. If the seller agrees to the sale, a scam email may be received claiming that the “buyer” has paid for the goods, but there was an issue with the payment because the seller doesn’t have a business account. The scammer at this point may claim to have paid for the upgrade and requests a ‘reimbursement’, alternatively, they may continue to email the seller requesting personal/financial details and screenshots of the seller’s PayPal account.
The seller does not receive any money into their account.
The following is an example of such a scam:
Cheque scam
Typically, the scammer requests to pay for the goods with a cheque and asks the seller for their account details.
If agreed, the scammer then deposits a valueless cheque into a smart ATM. The sellers account may indicate that money has been deposited, reflected under their account ‘Balance’, instead of under ‘Funds’. These terms may differ depending on who you bank with.
Believing they have been paid, sellers then release the goods to the buyer. However, the cheque is later dishonoured, and the customer is not paid for the item.
Remember:
*PayID is a secure way to help you make and receive fast payments between banks. For more information, visit anz.com/payid
If you believe you may have fallen victim to a scam, follow the steps outlined on the Report bank fraud page.
You can also report scams at Scamwatch.
For more information on how to protect yourself online, please visit the ANZ Security Centre.
Posted on 20 June 2023
Type:
ANZ is aware of a cyber-security incident at the Australian law firm, HWL Ebsworth (HWLE).
HWLE is one of the legal firms ANZ uses to provide legal advice. The incident has not affected ANZ’s systems.
ANZ understands the unauthorised access by a third-party to HWLE’s systems has resulted in the disclosure of personal and confidential information of HWLE clients.
What we are doing:
We have developed a dedicated Data Breach Customer Support page where you will find supporting resources and frequently asked questions.
If you are an ANZ customer, please ensure you look out for unusual or fraudulent activity. If you would like increased security across your accounts, please contact us or Report bank fraud immediately.
More information relating to this incident is available on the HWL Ebsworth website or contact HWLE at hwlecyberhelp@hwle.com.au
Posted on 09 June 2023
Type:
Investment scams are on the rise, particularly those involving cryptocurrency. Cryptocurrency is a form of digital currency such as Bitcoin.
A scenario we are aware of are scammers posing as ‘advisors’ tricking individuals who have invested in cryptocurrency, into handing over their login credentials. Once they have access to the cryptocurrency wallet, the scammer transfers the cryptocurrency out, rather than investing the funds as the individuals are led to believe. The scammers often appear very professional and knowledgeable and may impersonate legitimate organisations.
You can find out more about different types of investment scams at Scamwatch.
Be aware of the alarm bells. According to Moneysmart, signs of an investment scam may include:
To reduce the risk of your falling for an investment scam, we recommend that you perform sufficient checks before giving your details to an unsolicited caller or reply to emails offering financial advice or urgent investment opportunities. You should make your own reasonable enquiries and check if a financial adviser is registered via the ASIC website and check ASIC’s list of companies you should not deal with. If the company that is asking for your investment is on the list – do not deal with them.
If you suspect fraud on your account or have shared financial information or transferred money as a result of this scam, please contact us straightaway. Our Customer Protection Team is available 24/7 to help you.
You can also report scams to the Australian Government’s Scamwatch and the Australian Cyber Security Centre’s ReportCyber.
Posted on 10 May 2023
Type:
We are aware of a new phishing campaign circulating.
The SMS message appears to come from ‘myGov’ and states that “Eligible individuals can receive a one-time payment of $750 to help with their living expenses”. In the example above, an illegitimate link to a website has been included in the SMS message and if individuals click the link, it may direct them to a fake ‘myGov’ website.
Scammers are targeting myGov, and reports to the Australian Competition and Consumer Commission (ACCC)’s Scamwatch regarding myGov email and SMS message scams have increased by 160% in the month from December 2022 to January 2023.
The ACCC Scamwatch has warned individuals to stay vigilant about myGov scams and advised against clicking on a link included in an email or SMS message, or to share any personal information. myGov will never send you an email or SMS message with a link directing you to a website to sign in to your myGov account.
If you receive one of these email or scam SMS messages, do NOT reply to the message, do NOT click the link, and delete the message immediately.
If you’ve received and responded to a message that you now believe is a scam, and have transferred money, shared your ANZ banking details and/or account credentials, contact ANZ immediately.
You can also report scams at Scamwatch.
For more information on how to protect yourself online, please visit the ANZ Security Centre.
Posted on 01 May 2023
Type:
ANZ is aware of a new scam text message which appears to come from ANZ. The text message states that the customer’s debit card needs additional verification, and a link is provided to reactivate the card.
The link in the text is similar to the correct ANZ website address (anz-login.com instead of the correct link anz.com). If clicked, the link will take you to a site that looks legitimate but has been designed to steal your personal information. In this instance, customers are being asked to reveal their Customer Registration Number (CRN), internet banking password, email, password, and mother’s maiden name. Customers are also being asked to provide images of identification documents.
Remember, ANZ will never email, call or text message you, asking for personal information like your password, PIN, one-time password (OTP) for payments, RSA token, ANZ Shield or ask you to transfer funds into another account.
If you receive one of these messages, do NOT click on the link, delete the message immediately.
If you’ve received and responded to a message that you now believe is a scam, and have shared your banking details, account credentials, or you’re concerned your personal details have been compromised, contact ANZ immediately.
You can also report scams at Scamwatch. For more information on how to protect yourself online, please visit the ANZ Security Centre.
Posted on 01 May 2023
Type:
ANZ is aware that Latitude Financial Services is investigating a cyber-attack, resulting in the unauthorised access of its customers’ information.
Latitude Financial Services has advised the information exposed may include identification documents of prospective applicants, current and past customers, BSB numbers, account numbers and credit card numbers.
More information is available on the Latitude Financial Services website, and at IDCARE.
Please refer to our dedicated Data Breach Customer Support page where you will find more useful information and resources.
If you are an ANZ customer, please ensure you look out for unusual or fraudulent activity. If you would like increased security across your accounts, please contact us or Report bank fraud immediately.