ANZ is the third Australian bank in as many months to be targeted by scammers using a combined assault of a cloned site with a tweaked login script accompanied by a plague of spam instructing customers to submit their details.
A spokesperson for ANZ said police and bank investigators were looking into the incident, adding that customers who had fallen for the scam were having their accounts checked and passwords reset by the bank.
The spokesperson would not comment on the capability of the clone site to capture customer details other than to say that a full investigation was under way.
The spam mail contents, along with headers and IP addresses, have been posted to a discussion list along with an appeal for the bank and the police to do something.
The spam purports to be from the bank and reads:
"Our new security system will help you to avoid frequently fraud transactions and to keep your investments in safety.
"Due to technical update we recommend you to reactivate your account.
"Click on the link below to login and begin using your updated ANZ account.
"To log into your account, please visit the ANZ Website at [deleted]…"
Adroit at basic marketing but poor on grammar, the spam concluded with: "We appreciate your business. It's truly our pleasure to serve you."
A security analyst said the fake site appeared to be running Apache 1.3.27, whereas ANZ's real site was running IIS 4. Hosting for the scam site's server has been tracked back to Florida and Massachusetts.