MailGuard have identified and have successfully blocked a zero-day phishing email threat leveraging the reputation of Westpac. Although we have successfully protected all our corporate clients from falling victim, we would like to share this with the public to help to educate and reduce the number of email users falling victim.
At the time MailGuard discovered this new variant, no common security vendors were detecting the malicious URL contained within the email as a phishing scam.
Here is a screenshot of the type of email to watch out for:
In the example above, this email appears to originate from Westpac Online Banking. Ironically, the email states that in order to be protected from phishing scams, they need to update their online information. Cyber criminals rely on offering a reward or instilling fear in order to gain the information or the preferred action from the unsuspecting email recipient.
The email shows a URL that appears to be a legitimate Westpac online banking URL, but clicking the link actually takes recipients to a fake landing page which replicates the styling of the legitimate Westpac online banking website. Notice in the screen shot below, the URL is not a legitimate Westpac Bank URL and should be an obvious indication this is a scam.
By completing the fields required on the fake landing page, online banking users are actually giving cyber criminals access to their online bank accounts. By ‘Signing In’ you are actually taken to another fake landing page on a compromised website.
This page actually asks for further information from the now victim; information which should have nothing to do with a supposed solution for phishing scams.
Entering personal information such as Medicare Card, Driver’s License Number, Mother’s Maiden Name and more, the victim has now opened themselves up to be becoming a victim of identity theft also.
By hitting submit, the victim is redirected to the legitimate Westpac Bank website, leaving the user none the wiser they have been scammed and that the process was actually orchestrated by Westpac.
If you or someone you know has fallen victim to this scam or something similar, please laert your banking institution immediately.
As a precaution, we urge you to delete emails that:
- Appear to be from a legitimate company and are not addressed to you by name or are written in poor English.
- Require you to click a link in the email body to verify your identity. Banks are aware that cyber criminals send phishing scam emails including links to compromised websites. Your bank will always instruct you to go to their website directly, and not to log into your account via a link through an email.
- Request personal information that the purported sender should already have access to or not require for the stated purpose of the email.
Educating staff and employing cloud-based email filtering and web filtering, complimented by multilayered defences including desktop antivirus, anti-malware and anti-spyware will go a long way to mitigating the risk from a wide range of email scams.
Keep up to date on the latest email scams by subscribing to MailGuard’s weekly update or follow us on social media.