Don't fall for it! The shocking truth about SMS links and how to stay safe.

You probably already know this – we here at SDC have countless articles explaining why you shouldn’t trust links sent through SMS, even if they appear to be from your bank – but another reminder wouldn’t hurt especially when scams spike around the holiday period.


Generally scams are relatively easy to spot with a few telltale signs, but we can’t always expect people to be on guard. When in doubt, it helps to call the purported business directly (via a verified number), ask a friend, or consult an online community you trust.

On Reddit, one user sought the opinion of fellow Aussies after receiving a text message, supposedly from ANZ.

capture-20221223-024637.png
A text pretending to be from ANZ included a link that is supposedly for reporting unauthorised activity. Credit: Reddit

The text was written to appear as if it was sent in response to the Reddit user doing something that needed a PIN – many banks use a one-time password (OTP) sent through SMS before a transaction will go through. It then asked the receiver to click on a link immediately if they did not request a code.


Many Redditors responded to say that it was indeed suspicious. A top comment said: ‘It’s a common scam, sent to thousands of people, knowing that some will be ANZ customers and will worry, clicking on the link. The domain is dodgy to begin with (you would expect ANZ to use anz.com.au or similar).’

The poster did a bit of online sleuthing and found some useful information: ‘The domain was registered by ‘Internet Domain Service BS Corp’ which has a non-functioning registrar URL, and ANZ's real domain is registered via instra.com. I accessed the link via sandbox. It is designed to appear to be an ANZ page using their logos and asks for login credentials. None of the links work.’

They then encouraged the author to report it to ANZ who could then work to have it taken down.

The message had signs that it was a scam, which would probably be obvious to readers by now. Besides an unknown number, banks don’t typically add links for users to click to block transactions or use website URLs separate to their main site.


A Redditor said: ‘I don't bank with ANZ, but do with some other banks that send these types of 2FA (two factor authentication) messages. I checked a couple of them, and they say ‘Contact us immediately on <number> if you did not initiate this payment.’ The fact that they've sent you a clickable link instead screams scam.’

Another shared their experience with a compromised account: ‘When my account was exposed, along with others, my bank texted me to say ‘please contact or call into any branch of the bank as we need to discuss your account urgently’. They never gave any codes, asked for passwords etc. Just contact your bank ASAP.’

Spoofing URLs is also easy, so it doesn’t hurt to apply a general rule of never clicking links sent through SMS. Misleading links are more obvious to spot when using a desktop computer or a laptop – you can usually hover over hyperlinked texts to see where they will redirect – but not on mobile phones. (Don’t worry, all links on this article are safe to click.)

Phone numbers are also easy to fake. Messages that appear to be from ANZ instead of an unknown number aren’t automatically safe and are suspicious if they include links.


If you suspect unauthorised transactions made on your account, it’s still best to call the bank or type the link directly into your browser. As one user put it: ‘Remember folks, there's nothing wrong with doing the navigation and address typing yourself instead of trusting a link, especially regarding finance!’

On its website, ANZ tells its customers that it will never:
  • Ask you for your banking PINs, passwords or security codes
  • Send you a link to log on to ANZ Internet Banking - always type the URL (anz.co.nz) into your browser
  • Ask you to download any software onto your devices
  • Ask you to give us remote access to your devices.
Just clicking the link might seem harmless to some people, but you can be compromised even if you haven’t logged in using your personal information on a fake website.

One user shared: ‘The more sophisticated attacks might attempt to push malware onto your device from the website itself. It depends on what's on the site, if there are web apps, or it might try to download something or ask for permissions in some way.’


If you are concerned about your account’s security, it’s best to change your passwords (make sure to do this on the official website or mobile app) and contact the bank directly. ANZ encourages its customers to close their browsers, clear their browsing history, and run a scan of their devices using up-to-date antivirus software.

You can also screenshot suspicious text messages and send them to ANZ through [email protected] for investigation.

If you receive a message claiming to be ANZ or any other Australian business or government agency and doubt its authenticity, delete the text, do not reply to the message, and report it immediately if you clicked on anything. Remember, time is of the essence, especially when you are a scam victim.

Be safe out there, folks!
 
Sponsored
You probably already know this – we here at SDC have countless articles explaining why you shouldn’t trust links sent through SMS, even if they appear to be from your bank – but another reminder wouldn’t hurt especially when scams spike around the holiday period.


Generally scams are relatively easy to spot with a few telltale signs, but we can’t always expect people to be on guard. When in doubt, it helps to call the purported business directly (via a verified number), ask a friend, or consult an online community you trust.

On Reddit, one user sought the opinion of fellow Aussies after receiving a text message, supposedly from ANZ.

View attachment 10943
A text pretending to be from ANZ included a link that is supposedly for reporting unauthorised activity. Credit: Reddit

The text was written to appear as if it was sent in response to the Reddit user doing something that needed a PIN – many banks use a one-time password (OTP) sent through SMS before a transaction will go through. It then asked the receiver to click on a link immediately if they did not request a code.


Many Redditors responded to say that it was indeed suspicious. A top comment said: ‘It’s a common scam, sent to thousands of people, knowing that some will be ANZ customers and will worry, clicking on the link. The domain is dodgy to begin with (you would expect ANZ to use anz.com.au or similar).’

The poster did a bit of online sleuthing and found some useful information: ‘The domain was registered by ‘Internet Domain Service BS Corp’ which has a non-functioning registrar URL, and ANZ's real domain is registered via instra.com. I accessed the link via sandbox. It is designed to appear to be an ANZ page using their logos and asks for login credentials. None of the links work.’

They then encouraged the author to report it to ANZ who could then work to have it taken down.

The message had signs that it was a scam, which would probably be obvious to readers by now. Besides an unknown number, banks don’t typically add links for users to click to block transactions or use website URLs separate to their main site.


A Redditor said: ‘I don't bank with ANZ, but do with some other banks that send these types of 2FA (two factor authentication) messages. I checked a couple of them, and they say ‘Contact us immediately on <number> if you did not initiate this payment.’ The fact that they've sent you a clickable link instead screams scam.’

Another shared their experience with a compromised account: ‘When my account was exposed, along with others, my bank texted me to say ‘please contact or call into any branch of the bank as we need to discuss your account urgently’. They never gave any codes, asked for passwords etc. Just contact your bank ASAP.’

Spoofing URLs is also easy, so it doesn’t hurt to apply a general rule of never clicking links sent through SMS. Misleading links are more obvious to spot when using a desktop computer or a laptop – you can usually hover over hyperlinked texts to see where they will redirect – but not on mobile phones. (Don’t worry, all links on this article are safe to click.)

Phone numbers are also easy to fake. Messages that appear to be from ANZ instead of an unknown number aren’t automatically safe and are suspicious if they include links.


If you suspect unauthorised transactions made on your account, it’s still best to call the bank or type the link directly into your browser. As one user put it: ‘Remember folks, there's nothing wrong with doing the navigation and address typing yourself instead of trusting a link, especially regarding finance!’

On its website, ANZ tells its customers that it will never:
  • Ask you for your banking PINs, passwords or security codes
  • Send you a link to log on to ANZ Internet Banking - always type the URL (anz.co.nz) into your browser
  • Ask you to download any software onto your devices
  • Ask you to give us remote access to your devices.
Just clicking the link might seem harmless to some people, but you can be compromised even if you haven’t logged in using your personal information on a fake website.

One user shared: ‘The more sophisticated attacks might attempt to push malware onto your device from the website itself. It depends on what's on the site, if there are web apps, or it might try to download something or ask for permissions in some way.’


If you are concerned about your account’s security, it’s best to change your passwords (make sure to do this on the official website or mobile app) and contact the bank directly. ANZ encourages its customers to close their browsers, clear their browsing history, and run a scan of their devices using up-to-date antivirus software.

You can also screenshot suspicious text messages and send them to ANZ through [email protected] for investigation.

If you receive a message claiming to be ANZ or any other Australian business or government agency and doubt its authenticity, delete the text, do not reply to the message, and report it immediately if you clicked on anything. Remember, time is of the essence, especially when you are a scam victim.

Be safe out there, folks!
Agree be safe we should all remember the Optus and Medibank Data breach's
 
  • Like
Reactions: IJH
I have had them from ANZ and NAB and I don't bank with either, so I know its a scam. But if you bank with them that's a different story. Just be aware.
 
  • Like
Reactions: terri and JehazFNQ
Hey mate, thanks for the heads up about SMS links. It's always better to be safe than sorry, especially during the holiday season when scammers are on the prowl. I also appreciate that you mentioned reaching out to trusted online communities for advice. That's a great idea and something that can really come in handy when you're not sure who to turn to. Actually, that's why I always use my australian phone number for signing up. I don't want scammers to know my real number. Thanks again for the reminder, and let's stay vigilant against those sneaky scammers.
 
Last edited:

Join the conversation

News, deals, games, and bargains for Aussies over 60. From everyday expenses like groceries and eating out, to electronics, fashion and travel, the club is all about helping you make your money go further.

Seniors Discount Club

The SDC searches for the best deals, discounts, and bargains for Aussies over 60. From everyday expenses like groceries and eating out, to electronics, fashion and travel, the club is all about helping you make your money go further.
  1. New members
  2. Jokes & fun
  3. Photography
  4. Nostalgia / Yesterday's Australia
  5. Food and Lifestyle
  6. Money Saving Hacks
  7. Offtopic / Everything else
  • We believe that retirement should be a time to relax and enjoy life, not worry about money. That's why we're here to help our members make the most of their retirement years. If you're over 60 and looking for ways to save money, connect with others, and have a laugh, we’d love to have you aboard.
  • Advertise with us

User Menu

Enjoyed Reading our Story?

  • Share this forum to your loved ones.
Change Weather Postcode×
Change Petrol Postcode×