MailGuard have identified further variations of the fraudulent 0-day Westpac scam campaign currently circulating.
Westpac customers have been hit heavily of late by email phishing scams designed to capture their internet banking and security verification details.
Here are screenshots of the latest variations we have identified and blocked.
‘Your Westpac E-Statement Is Ready To View Online’
As you can see in the example above, the sender, purporting to be “Westpac”, provides instruction to the recipient to view their latest Westpac statement online. The cybercriminals have attempted to hide the link to the phishing site within the attached PDF file to bypass email content filters. Upon downloading the file, the recipient is directed to update their Adobe Reader to view the statement.
The victim arrives on the landing page you see above. The obvious giveaway of this attempt is the non-legitimate URL in the website address field, and the outdated ‘Westpac One’ online banking login page.
Upon entering their login details, the victim is directed to the above page. They are prompted to enter 'Online Guardian' security questions and answers. Online Guardian is Westpac’s “secure fraud detection system”, designed to monitor your online banking account for unusual activity and transactions. You can read more about Online Guardian here.
Unfortunately, this phishing scam preys on Westpac customers that rely on the extra layer of protection that this fraud detection tool provides.
‘Direct Debit Attempt Notification’
This email phishing scam is a more sophisticated attempt. The purported sender is, ‘Westpac Customer Service’, alerting the recipient of a ‘direct debit attempt’.
The cybercriminal has hyperlinked a legitimate Westpac destination URL to fool the user into believing they are clicking on an official Westpac authorisation link.
Upon clicking the link within the email to decline the transaction, the recipient is directed to a replica of the official Westpac login page. The cybercriminals have even replicated the Westpac virtual keyboard; a phishing technique we have identified in the past.
The inauthenticity of this phishing scam is clearly identifiable at this point by the URL, as well as the impersonal nature of the email.
Entering your login credentials into the form directs you to a ‘Direct Debit Payment Cancellation Form’.
The victim is required to enter security verification details such as their Phone Banking PIN, Medicare No. and Driver’s License No.
Let’s take a look at what this scammer now has access to:
- Your Westpac bank account
- Residential information which can be sold to telemarketers, or segmented by other cyber criminals into lists that can be targeted when orchestrating future attacks (that’s right, you’re signing yourself up for future attacks!)
- Any associated cards linked to your account
- Security information which can be used to fraudulently gain access to a number of related accounts (bank accounts, government issued accounts).
As a precaution, we urge you not to click links within emails that:
- Are not addressed to you by name.
- Appear to be from a legitimate company but use poor English, or omit personal details that a legitimate sender would include.
- Are from businesses that you were not expecting to hear from.
- Take you to a landing page or website that is not the legitimate URL of the company the email is purporting to be sent from. The URL for Westpac’s internet banking login page is: https://online.westpac.com.au
Westpac offers a comprehensive online resource to help identify and report scams purporting to be from them. You can verify the authenticity of any contact you aren’t sure about, or report a scam, by calling 132 032 or emailing them at firstname.lastname@example.org.
For more great tips on identifying viruses and malware, be sure to read and share our Guide To Cyber-attacks And Tips For Being Cyber Safe Within Your Business.
Educating staff and employing cloud-based email and web filtering is your first and best line of defence. Compliment this multilayered defence with on premise antivirus, anti-malware and anti-spyware solutions. This will go a long way to mitigating the risk from a wide range of email scams.
Keep up to date on the latest email scams by subscribing to MailGuard’s weekly update or follow us on social media.