Stay Smart Online

Clarification and explanation of recent media reports regarding internet banking web sites - SSO-AL2009-005

06 February 2009

What is the problem?

Recent media reports have incorrectly claimed that ANZ's internet banking facilities have been compromised by criminals to capture banking details and presumably steal customers' funds. These reports are incorrect - ANZ's web site remains secure, as do the communication channels between ANZ's web site and home computers.

What has actually occurred is more complex. Some banking customers' computers have been infected by a virus that attacks their internet browser. This infection would likely have occurred due to clicking on links in email messages or not having a fully patched computer. When the virus detects that a customer has logged into the ANZ web site, it presents a fake web page asking for customer details. If these details are entered, the virus sends them to the virus writer.

Since this issue requires that a customer's computer is already infected by the virus, customers who are not infected are not presented with the fake page and continue to use the web site as normal with no issues.

This style of virus can generally be changed by the criminal once on a computer, so it could be modified at any point to target any bank or similar organisation. Therefore, all online users need to be mindful of unusual requests for information when transacting online.

Below are some simple steps you can take to prevent your computer from being infected or to recognise if your computer has already been infected.

What we recommend you do

Practicing safe internet use can greatly reduce the risk of becoming infected by such a virus in the first place. More information on safe internet practices can be found in the SSO Secure Computing Checklist. Other SSO fact sheets can also be of assistance.

Accidents do happen though, so it is important to be alert for any strange behaviour from websites you frequent. Get to know the layout of your internet banking site - if it starts to ask for more information than usual you may want to contact your banking institution by phone to confirm. Remember that it is easy to make something look official on the internet. Examine your account records for any unusual activity, including any logins you don't remember making.

Being vigilant and remaining alert for such odd behaviour can greatly reduce the impact of a virus infection and can allow you to take steps to have the virus removed as quickly as possible.

Where you can find more information

ANZ has released information for this specific incident, including screenshots of the specific fake page. It can be found at:

http://www.anz.com/aus/personal/Ways-To-Bank/Internet-Banking/Protect-Your-Banking/Security-Alerts.asp?

They also have a Tips & Hints page for secure internet banking at:

http://www.anz.com/aus/personal/Ways-To-Bank/Internet-Banking/Protect-Your-Banking/Tips-And-Hints.asp?

Disclaimer

This Alert has been prepared by AusCERT for the Department of Broadband, Communications and the Digital Economy.

The information is intended for use by home users and small to medium sized businesses. It is general information only, is not intended as advice, and was accurate and up to date at the time of publishing. The material and information in this Alert is not adapted to any particular person's circumstances and therefore cannot be relied upon to be of assistance in any particular case. In any important matter, you should seek professional advice relevant to your own circumstances.

The Commonwealth, AusCERT, and all other persons associated with this Alert accept no responsibility or liability for information either included or referred to in the Alert. No responsibility or liability is accepted for any damage, loss or expense incurred as a result of the information contained in the Alert, whether by way of negligence or otherwise.

The listing of a person or organisation in any part of this site or Alert does not imply any form of endorsement by the Commonwealth of the products or services provided by that person or organisation. Similarly, links to other web sites have been inserted for your convenience and do not constitute endorsement of material at those sites, or any associated organisation, product or service.

Please note that material in this Alert, as the case may be, includes views or recommendations of third parties, which do not necessarily reflect the views of the Commonwealth, or indicate its commitment to a particular course of action. Material on this site or in this Alert may also include information provided by third parties. The Commonwealth cannot verify the accuracy of information that has been provided by third parties.

 

 
