Hackers are sending a scam SMS to Australian and New Zealand users and when they open the link received in the SMS, users gets redirected to fake website that looks real like Australian banks.
The website actually looks absolutely real like your bank’s online portal and users can easily get trapped. A SMS phishing is on the rise and people receiving scam SMS are take to fake website that looks similar and legitimate to those of real Australian banks and thereby cybercriminals are collecting personal information and login credentials.
Also read: How to recognize phishing scams or emails?
How it Works?
Hacker sends a short scam messages are sent to targeted users, containing links and looks like that it is coming from legitimate banking institution, but actually it is fake and not from any legitimate banking organization. Clicking on the links redirects users to fake websites but it looks real.
The above image is the sample page provided by the Australia’s communications watchdog that shows that how dangerous the scam is. The ANZ Internet Banking mobile page both fake and real are so much identical that it becomes very complicated to tell which site is real and which is one is fake. If there is any difference then the difference is in the URL, which can be overlooked and easily mistaken by the normal users.
The victims are asked for Customer Registration Number and a Password along with the Log-in button.
People have already been alerted to all mobile phone users in both countries – New Zealand and Australia.
The banks which are likely to be in target are ANZ, National Australia Bank, GE Money, Bank of Queensland, St George, Heritage and Macquarie, Suncorp and Bendigo. The ACMA has come to know about this scam when several number of users have started to report it via ACMA’s SMS spam reporting number. Apart from this ACMA has also educated people that scammers or hackers are steadily targeting different banks. They said that “It appears that the criminals behind this campaign are constantly refining their messages and the associated fake imitation banking websites to increase their chance of success”.
To know what victim should do if they have already provided the login credential to the fake website, then read this - http://www.keepbrowsersafe.com/online-banking-sms-scam-that-collects-victims-login-credentials-with-fake-websites
