According to Sophos researcher Paul Ducklin, the ANZ Bank phishing scam includes a fraudulent email that reads as follows:
“ANZ Bank has a strict policy to ensure that all our customer online banking details are secure and updated regularly. This is done for your own protection because some of our clients no longer have access to their online banking service due to fraudulent activities suspected by the bank management. In order to make sure that your online banking experience is even more safe and secure, we have introduced a new security feature that allow us to detect any unusual activity on your account. So with regards to this development, to update, re-activate and verify your online banking account login details Click Here.”
The link in the email takes the individual to a legitimate Google Docs survey form asking the customer to input full name, email address, customer registration number, and password.
Ducklin explained that using Google Docs for phishing surveys has a number of benefits for cybercriminals: web hosting for phishing forms and fraudulently collected data is provided free of charge by Google; the Google Docs user interface provides a “simply and snazzy front end” for designing the form; Google Docs can automatically generate emails to prospective victims inviting them to click through to the phishing form; the results are collected into a password-protected spreadsheet, which can be retrieved from anywhere; the URL uses https, which gives the impression of a secure site; the URL takes the user to a google.com domain, which provides an aura of legitimacy; and anyone can create a Google account, create surveys, and collect results.
“So, the security and legitimacy of the https://docs.google.com/ URL is important for legitimate users of Google's services, but it doesn't, by itself, vouch for the honesty and integrity of the account holder”, he cautioned.