An SMS scam has been targeting banking customers with fake website links to steal their private banking details. The otherwise short messages contain links and phrases like “account notification,” “notification” or “verify your identity.” Clicking on which would direct the user to a fake website identical to their bank’s online portals.

The SMS phishing scam is so sophisticated that it is hard to tell the fake from the real banking websites. According to the Australian Communications and Media Authority, the banking website seems “almost indistinguishable from the real thing.” An alert was issued on Wednesday in Australia and New Zealand.

Australian banks including ANZ, NAB, Suncorp Bank, Heritage Bank, Bank of Queensland, St. George Bank, Bendigo Bank and GE Money customers have and still face risks of being targeted by the SMS scam.

“The sophistication and scope of the campaign are indicated by the extensive use of internet domains that closely resemble the legitimate domains of Australian and New Zealand banks,” the alert as quoted by the ABC. “Often these domains will be active for only a very short time, replaced shortly thereafter with another ‘plausible’ bank domain.”

The Australian Communications and Media Authority has posted several links to help consumers distinguish the fake from real ones. Most of these websites are identical to the original bank’s website except for a few added words, such as “mobile” or “mobi,” the Sydney Morning Herald reported.

“It appears that the criminals behind this campaign are constantly refining their messages and the associated fake imitation banking websites to increase their chance of success,” the alert said. “In the fake ANZ mobile banking website scam, you can see how they have even used a fake ‘loading’ page to simulate standard mobile banking transactions,”

The watchdog came to know about the alert after a number of affected customers reported the scam via its SMS spam reporting numbers.