ANZ customers are being warned to be extra vigilant with email fraud as a new wave of nifty scams swarm inboxes across Australia.

The phishing scam lures victims by mirroring the official ANZ online banking website which fools customers into handing over their vital banking data, including their username, password and answers to secret questions.

"ANZ" is shown as the sender with the subject titled: "Successful BPAY Payment Advice".

The email explains that a user-requested BPAY payment has been unsuccessful and includes several details such as a customer code, payment amount and payment date.


They are told $2542.75 has been attempted to be set up as a monthly payment and directs the customer to click on the link titled: "view transaction history and provide detail".

The link takes unsuspecting victims to an official-looking ANZ login page which invites them to enter their username and password.

Once they have entered their login details, users are redirected to a page that simulates a blocked account scenario with three challenge questions to be answered.

But they are continuously told their answers are incorrect.

"This sole purpose of this elaborate phishing scam is to harvest the login credentials of ANZ customers so the criminals behind this scam can break into their bank accounts," email security company MailGuard says on its site.

"By typing in your account number and password, you're handing this sensitive account information to cybercriminals.

"If you also tell the scammers details of your security questions and answers, it allows them to attempt other fraudulent actions, such as calling them back and trying to access your accounts."

MailGuard said the intricate nature of the scam including the accurate depiction of the bank's branding as well as the direction to answer security questions enhances risk of being scammed.


"This only adds on to the sense of legitimacy evoked by the email as updates on account safety is a common notification expected of such a well-established bank," the company said.

The scam replicates the ANZ website. Image/File.
The scam replicates the ANZ website. Image/File.

"All this serves to elicit a more confident response from recipients who think they are, in fact, making their accounts more secure by clicking on the provided link and entering their confidential login details."

ANZ advises customers that it does not send emails asking for personal information or security credentials.

Given the scam is being conducted online, it could also potentially impact unsuspecting New Zealanders.

It also recommended customers do the following to prevent online fraud attempts:

• Check the address bar of your browser to see if ANZ's website address has changed from http:// to https://
• Check to see if a security icon that looks like a lock or a key is visible near the address bar on any page that you need to enter your security credentials.