Identity Theft Warning: Fake Westpac Email Scam Phishing For Personal And Banking Details

Posted by MailGuard Editor on 24 September 2015 13:02:33 AEST

MailGuard have identified and have successfully blocked a zero-day phishing email threat leveraging the reputation of Westpac. Although we have successfully protected all our corporate clients from falling victim, we would like to share this with the public to help to educate and reduce the number of email users falling victim.

At the time MailGuard discovered this new variant, no common security vendors were detecting the malicious URL contained within the email as a phishing scam.

Here is a screenshot of the type of email to watch out for:

Westpac-Phishing-Email-Scam_Email-Sample_20150924_Feature

In the example above, this email appears to originate from Westpac Online Banking. Ironically, the email states that in order to be protected from phishing scams, they need to update their online information. Cyber criminals rely on offering a reward or instilling fear in order to gain the information or the preferred action from the unsuspecting email recipient. 

The email shows a URL that appears to be a legitimate Westpac online banking URL, but clicking the link actually takes recipients to a fake landing page which replicates the styling of the legitimate Westpac online banking website. Notice in the screen shot below, the URL is not a legitimate Westpac Bank URL and should be an obvious indication this is a scam. 

Westpac_Phishing_Email_Scam_Landing_Page_Sample_20150924

By completing the fields required on the fake landing page, online banking users are actually giving cyber criminals access to their online bank accounts. By ‘Signing In’ you are actually taken to another fake landing page on a compromised website.

Westpac_Phishing_Email_Scam_Landing_Page_Sample_2_20150924

This page actually asks for further information from the now victim; information which should have nothing to do with a supposed solution for phishing scams.

Entering personal information such as Medicare Card, Driver’s License Number, Mother’s Maiden Name and more, the victim has now opened themselves up to be becoming a victim of identity theft also.

By hitting submit, the victim is redirected to the legitimate Westpac Bank website, leaving the user none the wiser they have been scammed and that the process was actually orchestrated by Westpac. 

Westpac_Phishing_Email_Scam_Landing_Page_Sample_3_20150924

If you or someone you know has fallen victim to this scam or something similar, please laert your banking institution immediately.

As a precaution, we urge you to delete emails that:

  • Appear to be from a legitimate company and are not addressed to you by name or are written in poor English.
  • Require you to click a link in the email body to verify your identity. Banks are aware that cyber criminals send phishing scam emails including links to compromised websites. Your bank will always instruct you to go to their website directly, and not to log into your account via a link through an email.
  • Request personal information that the purported sender should already have access to or not require for the stated purpose of the email.

Educating staff and employing cloud-based email filtering and web filtering, complimented by multilayered defences including desktop antivirus, anti-malware and anti-spyware will go a long way to mitigating the risk from a wide range of email scams. 

 


Keep up to date on the latest email scams by subscribing to MailGuard’s weekly update or follow us on social media.

Keep Informed with Weekly Updates

^ Back to Top

Topics: Phishing Westpac Email Scam Zero Day

Back to Blog

Comments:


Something Powerful

Tell The Reader More

The headline and subheader tells us what you're offering, and the form header closes the deal. Over here you can explain why your offer is so great it's worth filling out a form for.

Remember:

  • Bullets are great
  • For spelling out benefits and
  • Turning visitors into leads.

Recent Posts

Posts by Topic

see all