Australia is in the crosshairs of duplicate attacks.
Just yesterday we learned of a malware campaign that was being sent to unsuspecting users through fake emails claiming to be from the Australian Securities and Investments Commission. Today, a near duplicate attack is being delivered disguised as correspondence from ANZ Bank.
The message appears to be a convincing message from the Australian bank. The sender appears to be coming from the actual correspondence email address of ANZ bank, however a simple hover of a mouse will show that this is not the actual address. Hint, for those on android phones, you can press and hold on the sender’s displayed name to see the actual email address. If it is longer than what will show in the preview, you can start a reply message and tap the name in the “To:” area to see the full address.
The attackers have also included a security message within the email, “ANZ will not send you an email or SMS asking you to verify account details, financial details or login details for ANZ Phone Banking, ANZ Internet Banking or ANZ Mobile Banking”. This adds to the false legitimacy of the message.
Again, just like yesterday’s ASIC attack, this attack is originating from a domain that was recently registered in China. It’s very likely that both these attacks are coming from the same attackers, and even more likely that we shall see more of the same.