These fresh phishes, however, objective two very dissimilar groups of users.
The first campaign is meant at internet users of ANZ, one of the ‘big four’ Australian banks; the second is aimed at online users of the web doorway of a large school in North America.
ANZ Bank has a strict policy to ensure that all our customer online banking details are secure and updated regularly. This is done for your own protection because some of our clients no longer have access to their online banking service due to fraudulent activities suspected by the bank management.
In order to make sure that your online banking experience is even more safe and secure, we have introduced a new security feature that allow us to detect any unusual activity on your account. So with regards to this development, to update, re-activate and verify your online banking account login details CLICKHERE
Thank for your understanding. We hope to serve you more better.
The email above takes you to the Google Docs form shown below:
* The web hosting for the phishing forms and the fraudulently-collected data is provided, free of charge, by Google.
* The Google Docs user interface provides a simply and snazzy front end for designing the form.
* Google Docs can automatically generate emails to prospective victims inviting them to click through to the phishing form.
* The results are automatically and conveniently collected into a password-protected spreadsheet, which can be retrieved from anywhere.
* The URL uses HTTPS, which gives it an aura of security.
* The URL takes you to a google.com domain, which gives it an aura of legitimacy.
Of course, anyone can create a Google account, create surveys and collect results.
So, the security and legality of the https://docs.google.com/ URL is important for legitimate users of Google’s services, but it doesn’t, by itself, vouch for the sincerity and honesty of the account holder.
Yet, despite the safe-looking URLs, phishes of this kind are easy to spot, and just as easy to avoid.
1. Don’t click on links in emails which could have come from anywhere. If they could have come from anywhere, they probably did.
2. Even if it looks legitimate, never use any URLs, phone numbers or other ‘calls-to-action’ provided in a security-related email. Find your own way to the company’s website or support line.
3. If you’re a native English speaker, take a careful look for grammatical and spelling errors. Scammers often make give-away mistakes.
By the way, Google Docs forms comprise a Report Abuse link at the bottom. This link is generated in Google’s cloud, and so cannot be detached by a cyber crook.
So, if you find physically on a form which you suddenly realize is bogus, you can without difficulty report it so Google can take some deed.
Of course, this raise the question, how do you know the Report Abuse link is lawful?
Initially, if you copy the link and paste it into the address bar physically, it will link back into Google’s cloud, amazing like this:
Secondly, when you report a dishonest link to Google, you won’t be asked to do anything except to categories it. You won’t be asked for a username, password, email address, or any other individual information.