Fraud protection.
Now it’s personal.
ANZ Falcon® technology monitors millions of transactions every day to help keep you safe from fraud.
Falcon® is a registered trademark of Fair Isaac Corporation.
Latest scams, fraud and security alerts
Stay up-to-date with emerging cyber threats, scams and other important online risks as they happen. Or, if you're a business owner, take a look through business security news 
that could impact you.
Explore the latest alerts below, and make informed decisions to help keep your personal and banking details safe.
Jump to
Business owners: See latest security alerts
March 2024
Posted on 31 March 2024Phishing messages appearing to come from well-known organisations
Type: 
How does it work?
Messages appear to come from well-known companies and organisations such as the Australian Taxation Office (ATO) asking you for payment and with a link to proceed. The link typically directs you to a legitimate looking website to capture your card or banking details, often including the PIN or one-time passcode (OTP). The information you populate on these websites may be used to steal your money.
How to protect yourself
- Do not click on unusual links or unexpected attachments in emails or messages.
- Independently contact the organisation or government department to verify the message you received is legitimate.
- You can lock your credit or debit card through ANZ internet banking or the ANZ app if you are concerned your card details have been compromised.
Tangerine Telecom alert
Type: 
What is this alert?
ANZ understands that Tangerine Telecom is investigating a cyber-attack, resulting in the unauthorised access of its customers’ information.
Tangerine Telecom have advised via a media release that the information exposed may include personal information of their current and past customers.
Please visit Tangerine Telecom for further information.
How to protect yourself
Please refer to our dedicated Data Breach Customer Support page where you’ll find useful information and resources.
Critical alert from the Australian Signals Directorate's Australian Cyber Security Centre (ASD's ACSC)
Type: 
What is this alert?
Applicable to individuals and IT teams of organisations and government who use Microsoft Office Outlook products.
The ASD's ACSC has published a critical alert regarding a vulnerability that exploits the Outlook preview pane as an attack vector, enabling malicious code execution in edit mode rather than the restricted protected view.
This vulnerability affects customers running the following Microsoft products:
Microsoft Office 2016
Microsoft Office LTSC 2021
Microsoft 365 Apps for Enterprise
Microsoft Office 2019
For more information, please read the Australian Cyber Security Centre’s alert, Microsoft Office Outlook Remote Code Execution Vulnerability.
How to protect yourself
- ASD’s ACSC encourages all Microsoft Office Outlook users to follow Microsoft’s mitigation advice.
Credential stuffing - a growing issue
Type: 
How does it work?
In recent weeks, there have been numerous reports of data breaches in Australia and around the globe – all of which can lead to credential stuffing.
In a credential stuffing attack, the cybercriminal will use previously stolen usernames and passwords from one website and use them on other websites in the hope that users are re-using them – to get unauthorised access to their user accounts.
This may lead to fraudulent transactions being made using the payment information saved in the user accounts on these websites.
How to protect yourself
Attacks of this nature are becoming more prevalent. To help safeguard your money and your information, we want to remind you of the following tips:
Use a different password/passphrase for different accounts
Use multi-factor authentication (MFA) on all accounts, wherever possible.
Change your password/passphrase immediately, if impacted by a data breach.
“Accidental Deposit” scam
Type: 
How does it work?
ANZ is aware of a new scam on the rise involving “accidental deposits” on business customer accounts.
The scam begins with an unexpected payment being received in a customer’s account. The cybercriminal then contacts the customer stating that they’ve made an accidental deposit to the customer’s account, and requesting that they transfer the money back. The account the cybercriminal directs the customer to pay the “accidental deposit” is their own account.
Variations of this scam may involve a false call from the “bank” requesting funds to be transferred back into the sender’s account.
Please note, ANZ will never ask you to transfer funds to another account.
How to protect yourself
If someone pays you unexpectedly and requests the payment to be returned, ask them to reach out to their bank to initiate a recall instead. Do not send the money back yourself.
Always be wary of unexpected emails and messages as this may lead you to divulge your banking details - never click on links or download attachments from unexpected messages or emails.
Business alerts
The Australian Signals Directorate's Australian Cyber Security Centre (ASD's ACSC) has published a critical alert
Type:
The ASD's ACSC has published a critical alert regarding vulnerabilities affecting Fortinet’s FortiClientEMS 7.2 to 7.2.2 and FortiClientEMS 7.0 to 7.0.10.
According to the ASD’s ACSC, CVE-2023-48788 can result in remote code execution by an unauthenticated threat actor to execute unauthorised code or commands via a specifically crafted request.
ASD’s ACSC encourages Australian organisations to review their networks for use of vulnerable instances of the FortiClientEMS and apply patches available from Fortinet.
For more information, please read the Australian Cyber Security Centre’s alert, Critical vulnerabilities affecting Fortinet’s FortiClient EMS
Critical alert from the Australian Signals Directorate's Australian Cyber Security Centre (ASD's ACSC)
Type:
What is this alert?
Applicable to individuals and IT teams of organisations and government who use Microsoft Office Outlook products.
The ASD's ACSC has published a critical alert regarding a vulnerability that exploits the Outlook preview pane as an attack vector, enabling malicious code execution in edit mode rather than the restricted protected view.
This vulnerability affects customers running the following Microsoft products:
Microsoft Office 2016
Microsoft Office LTSC 2021
Microsoft 365 Apps for Enterprise
Microsoft Office 2019
For more information, please read the Australian Cyber Security Centre’s alert, Microsoft Office Outlook Remote Code Execution Vulnerability.
How to protect yourself
- ASD’s ACSC encourages all Microsoft Office Outlook users to follow Microsoft’s mitigation advice.
App Store is a service mark of Apple Inc. Google Play and the Google Play logo are trademarks of Google LLC