In the scam, cybercriminals are seeking access to business and consumer online accounts by phishing for customers’ phone banking credentials, including their customer ID, password, phone banking PIN, and date of birth.
Here is a sample of one of the emails circulating this morning, 18 April 2016:
The email is not addressed to the recipient by name. Its subject line, ‘ALERT – Error On Your Incoming Transaction’, and body falsely advise recipients that their account has been overdrawn and that they must update their online banking details by following the link behind the text ‘Please Click Here’.
Recipients are taken to a fake landing page hosted on a legitimate website that has been compromised, http://horizon101.com/. The cyber criminals have simply added a page to the site and hosted the fake Westpac online banking page at the URL displayed below:
The landing page is almost identical to the legitimate Westpac Bank login page, https://banking.westpac.com.au/wbc/banking/handler. It asks the user to sign in with their Customer ID and Password; once submitted, those two values alone give the cyber criminals immediate access to the victim’s online banking. Clicking ‘Sign In’ redirects the user to a second page that phishes for more information, notably their telephone banking PIN:
By continuing, the user also unwittingly hands the cyber criminals what they need to make transfers through telephone banking.
Finally, the user is redirected to the legitimate Westpac Bank login page, leaving them none the wiser that they have been scammed.
The Business Customers tab of the page carries instructions on how to use Westpac telephone banking. Telephone banking allows funds transfers, so with the customer ID, PIN and date of birth harvested, the criminals may have found it easier to move money through the phone menu than through the website.
MailGuard identified the scam earlier today and is consistently between 2 and 48 hours ahead of the market in blocking fast-breaking attacks. Most on-premises or hybrid anti-virus vendors require software updates across multiple instances, which can take hours or even days, leaving clients vulnerable in the meantime.
How can I protect myself from these types of email scams?
To reduce the risk of being tricked by one of these scams, you should immediately delete any emails that:
- Seem suspicious and are not addressed to you by name
- Ask you to download files or click any links within an email to access your account. Always visit the website directly yourself and log into your account the way you normally would.
- Purport to be from businesses you know and trust, yet use language that is not consistent with the way they usually write (including multiple grammatical errors)
If unsure of the legitimacy of the email, call the company/person directly and ask whether the email is legitimate before taking any directed action.
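The second tip above, that the link text tells you nothing about where a link actually goes, is the one check that can be automated reliably. The following Python script, an added example rather than anything from MailGuard or Westpac, triages an email the way the tips describe: it flags an urgent subject, a greeting that does not use the recipient’s name, links whose host is not one of the bank’s own domains, and links that are not HTTPS. The two sample messages are constructed for this example; only the hostnames horizon101.com and banking.westpac.com.au are taken from the post above, and the BRAND_DOMAINS set is an assumption.

```python
"""Heuristic triage of a suspected bank-phishing email.

Added example, not MailGuard's or Westpac's code. The two sample messages
are constructed; only the hostnames horizon101.com and banking.westpac.com.au
come from the post. BRAND_DOMAINS is an assumption for this example.
"""
import re
from email import message_from_string
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: hostnames under these domains belong to the bank.
BRAND_DOMAINS = {"westpac.com.au"}

# Constructed to resemble the campaign in the post: generic greeting, urgent
# subject, and a 'Please Click Here' link to a compromised third-party site.
PHISH_EMAIL = """\
From: Westpac Online <alerts@westpac.com.au>
To: customer@example.com
Subject: ALERT - Error On Your Incoming Transaction
Content-Type: text/html; charset=utf-8

<html><body>
<p>Dear Customer,</p>
<p>Your account has been overdrawn. To resolve this, update your online
banking details: <a href="http://horizon101.com/wbc/banking/handler">Please Click Here</a></p>
</body></html>
"""

# Constructed benign counterpart: addressed by name, bank-owned HTTPS link.
BENIGN_EMAIL = """\
From: Westpac Online <alerts@westpac.com.au>
To: jane.smith@example.com
Subject: Your March statement is available
Content-Type: text/html; charset=utf-8

<html><body>
<p>Dear Jane Smith,</p>
<p>Sign in at <a href="https://banking.westpac.com.au/wbc/banking/handler">Westpac Online Banking</a> to view it.</p>
</body></html>
"""


class LinkExtractor(HTMLParser):
    """Collect (href, anchor text) pairs from an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_is_brand(hostname, brand_domains=BRAND_DOMAINS):
    """True if hostname is a brand domain or a subdomain of one (suffix
    check on whole labels, so 'westpac.com.au.evil.example' does not pass)."""
    host = (hostname or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in brand_domains)


def analyse(raw_email, brand_domains=BRAND_DOMAINS):
    """Return a list of (indicator, detail) findings; empty means nothing flagged."""
    msg = message_from_string(raw_email)
    body = msg.get_payload(decode=True).decode("utf-8", "replace")
    findings = []

    subject = msg.get("Subject", "")
    if re.search(r"\b(alert|urgent|overdrawn|suspended|immediately)\b", subject, re.I):
        findings.append(("urgent_subject", subject))

    # The post notes the email is not addressed to the recipient by name.
    m = re.search(r"\bDear (Valued )?(Customer|Client|Member|User)\b", body, re.I)
    if m:
        findings.append(("generic_salutation", m.group(0)))

    parser = LinkExtractor()
    parser.feed(body)
    for href, text in parser.links:
        url = urlparse(href)
        # The decisive check: ignore the link text and compare the real host
        # against the brand's own domains.
        if not host_is_brand(url.hostname, brand_domains):
            findings.append(("offbrand_link", f"{text!r} -> {url.hostname}"))
        if url.scheme != "https":
            findings.append(("insecure_link", href))
    return findings


if __name__ == "__main__":
    for name, sample in (("phish", PHISH_EMAIL), ("benign", BENIGN_EMAIL)):
        print(name, analyse(sample))
```

The salutation and subject checks are weak signals on their own; the link-host comparison is the one that catches this campaign, because the anchor text ‘Please Click Here’ hides a host that has nothing to do with the bank. Run it on a saved .eml file by reading the file into a string and passing it to analyse().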
Westpac asks customers to report any unusual transactions or phishing scams. This helps Westpac alert other customers and watch for illegitimate transactions.
We recommend that you share these tips with your staff to make them aware of these campaigns. By employing a cloud-based email and web filtering solution like MailGuard, you’ll also reduce the risk of these new variants of phishing from entering your network in the first place.
Keep up to date on the latest email scams by subscribing to MailGuard’s weekly update or follow us on social media.