Recent ANZ spoof email nearly got me. Started "G'day sir"
— Jez Symes. (@Jez2a) July 14, 2012
Expert Comments below:
James Linton, Lead Researcher at Agari Cyber Intelligence Division (ACID):
Brand spoofing scams where attackers pretend to be your brand have been around for a long time. And they still carry on today.
Brand spoofing scams, when done well, can have a high success rate of victims following through with the instructions presented to them. We have seen this type of scam spoofing brands such as Microsoft, Apple and Amazon. Hackers go for the big brands because the likelihood of the person using/owning an account is high. The same reasoning must have led hackers to spoof ANZ Bank in order to scam their customers. Even if the hackers get a 1% success rate in completed forms, that still equates to hundreds or thousands of victims that will probably see a phase two attack carried out on them specifically. And judging by the sophistication, time and effort put into this current scam, the subsequent attacks will carry on as personalised, well-researched attacks, in order to maximise their success rates. We see this type of behaviour in some of the cyber gangs that we investigate ourselves at Agari. Once a cyber gang uses a particular method, they will hone their skill further in that particular method.
What is particularly clever in this attack is that they have mirrored online security measures that any bank could very well put in place. With the rise of online safety awareness programmes that banks promote to their customers, it is no wonder that hackers are weaponizing that knowledge against their customers. Banks are always reassuring customers that they take the protection of their personal data seriously, and this email does that very well. Unfortunately for the ANZ customers, this email and the website are fake, and their details are being farmed for malicious purposes.
Online criminals are becoming increasingly aware that the success of their credential phishing campaigns relies heavily on their ability to replicate the spoofed web page down to the smallest detail. It’s fairly common for pages like this to automatically redirect to the genuine website once the customer has been tricked into entering their details, so any jumps in the design as this occurs would be cause for alarm and may result in the phishing page being spotted and shut down. As with the most well thought out phishing attempts, the criminals are simply looking to blend in with the genuine requests for action that land in your inbox, so be aware of this aspect of your email world, and make complying with requests a considered decision.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.