First published: 19th February 2013
The Hong Kong Monetary Authority (HKMA) has issued an alert concerning an e-mail purporting to be sent from Australia and New Zealand Banking Group Limited (ANZ). The email entices the bank's customers to follow an embedded link to a fake online banking login page. ANZ does not have the policy of sending e-mails asking its customers to provide their passwords or verify their account information online. If you have provided personal information or conducted financial transactions on the fake website contact ANZ at 2176 8888 and any local police station or the Commercial Crime Bureau of the Hong Kong Police Force at 2860 5012.
The fraudulent login page was set up on the domain www.vyhlidkaskalsko.cz, which appears to be the website of the Lookout Restaurant - Skalsko in the Czech Republic, north-east of Prague. The login page no longer exists.
An HKMA spokesperson advised, “Members of the public are reminded not to access their Internet banking accounts through hyperlinks embedded in e-mails, Internet search engines or suspicious pop-up windows. Instead, they should access their Internet banking accounts by typing the website addresses at the address bar of the browser, or by bookmarking the genuine website and using that for access. If in doubt, they should contact their banks.”
Yui Kee's Chief Consultant Allan Dyer commented, "Unfortunately, many innocent businesses are facilitating crime by not securing their websites. Once a criminal has access, they can use the site for fake bank login pages, as seen in this case, drive-by infection, search engine stuffing or many other nefarious activities. Businesses should make sure their hosting provider values security, is keeping their content management system up-to-date, and they are using strong passwords and access methods."