Customers of the ANZ Banking Group have been warned not to open spam emails claiming that their accounts have been suspended.
The emails ask recipients to call a phone number based in Sydney in order to have their accounts restored – but this could lead to a follow-up call to a high tariff number, leading money to be drained from customers.
Kaspersky Lab researchers are calling this ‘callware’ and warned that individuals could be encouraged to give out banking information over the phone.
Speaking to Computerworld Australia, an ANZ Banking Group spokesperson said: “We advise all customers to remain vigilant about these types of scams and to only contact ANZ Bank via the numbers published on our website.”
They added that a fraud money back scheme is in place at the bank, providing the customer did not contribute to their loss and took steps to inform ANZ immediately.
Kaspersky Lab recently released its spam monitoring report for July, which showed that 71.2 per cent of total email traffic was spam last month.
The study found a lack of variety among malware targets, as almost every malicious program was in search of personal user data and in most cases, involved programs from banking Trojan families.
Malicious users were also found to use fake emails that were designed to look like official correspondence from banks, social networks, delivery services or online stores.
Darya Gudkova, head of Kaspersky Lab’s content analysis department, noted that Android devices are especially under threat, showing a growing need for vulnerability management.
He commented: “The appearance of this new threat in the top 20 spam ratings confirms our expectations – the steady growth of Android users will inevitably lead to an increase in the number and variety of these types of threats.
“These programs capable of sending out text messages will no doubt soon be joined by Trojans that steal confidential data.”
The experts at Kaspersky Lab warned that the variations of the Trojan affecting the Android operating system now mean that malicious users can intercept transaction confirmation codes.
These are typically sent out by banks to their customers using a variety of methods – such as text message – and are then rerouted to the cyber criminals themselves.
Attackers are making their methods increasingly sophisticated, therefore making the challenges even greater for organisations hoping to protect their systems against threats.