The Australia and New Zealand Banking Group (ANZ Bank) has become the latest bank to be targeted by site spoofers attempting to collect customer details. The attack combines a cloned site with a tweaked log-in script and a plague of spam instructing customers to submit their details.
ANZ is the third Australian bank in as many months to be targeted by scammers.
A spokesperson for ANZ said that the incident is currently being investigated by the Australian Federal Police and bank investigators, adding that customers who had fallen for the scam were having their accounts checked and passwords reset by the bank.
The spokesperson would not comment on the capability of the clone site to capture customer details other than to say that a full investigation was under way.
The spam mail contents, along with headers and IP addresses, have been posted to a discussion list together with an appeal for the bank and the police to do something.
The spam purports to be from the bank and reads:
"Our new security system will help you to avoid frequently fraud transactions and to keep your investments in safety.
"Due to technical update we recommend you to reactivate your account.
"Click on the link below to login and begin using your updated ANZ account.
"To log into your account, please visit the ANZ Website at (deleted)…"
Apparently adroit at basic marketing but poor on grammar, the spam concludes with: "We appreciate your business. It's truly our pleasure to serve you."
A security analyst said that the fake site appears to be running Apache 1.3.27, whereas ANZ's real site was running IIS 4. Hosting for the scam site's server has been tracked back to Florida and Massachusetts. The miscreant URL was http://18.104.22.168/ and, according to ANZ, got the big red switch pulled by midday Friday. A number of other URLs are also under investigation.