Akankasha Dewan, 23 March 2020 12:44:16 AEDT

Legitimate-looking phishing email spoofing Westpac claims users’ accounts are ‘temporarily blocked’

Westpac users are advised not to panic if they receive a legitimate-looking email spoofing the bank, claiming their account is ‘temporarily blocked’.

This is a phishing scam designed to harvest confidential data. The hallmark of this scam lies not only in how well-crafted it is, but in how it ironically uses safety features to trick users.

Using a display name of “Westpac Online Banking”, the emails are sent using a “@Westpac.com” domain. However, we discovered each email had a unique sending address. The subject line used in the email claims that the user’s ‘Westpac bank account is temporarily blocked’ and contains the recipient’s first name, as shown below:

[Image: Westpac email sender details, zoomed]

The email body is addressed to the recipient’s email address. It informs the recipient that an ‘unusual online transaction’ has been detected and as a consequence, their ‘online banking will remain blocked’ until the recipient has verified his or her identity. A link is provided to do so.

Here is a screenshot of the email body:

[Image: Westpac email body, zoomed]

Unsuspecting recipients who click on the link to verify their identity are taken to a fake Westpac-branded login page:

[Image: fake Westpac login page]

After ‘signing in’, users are led to another page asking for their credit card details:

[Image: fake Westpac credit card details page]

After submitting their details, users are finally redirected to the actual Westpac website.

The sole purpose of this elaborate phishing scam is to harvest the login credentials of Westpac customers so the criminals behind it can break into their bank accounts.

By typing in your account number and password, you’re handing this sensitive account information to cybercriminals and enabling them to commit identity theft.

Cybercriminals have employed multiple techniques to boost the credibility of this scam, such as including the recipient’s first name in the subject line and the recipient’s email address in the email body. Personalising the email in this way tricks users into thinking that this isn’t a generic scam email spoofing Westpac but a genuine message from the bank directed at them. Additionally, both the email and the corresponding phishing pages feature high-quality branding elements such as Westpac’s logo and layout. The name ‘Westpac’ has also been included in the URL of all phishing pages for added credibility.

It is also interesting to note that the email and the phishing pages are, ironically, focused on securing the users’ banking accounts via ID verification. This only adds to the sense of legitimacy evoked by the email, as updates on account safety are a common notification expected of such a well-established bank.

All this serves to elicit a more confident response from recipients who think they are, in fact, making their accounts more secure by clicking on the provided link and entering their confidential login details. By claiming that their online banking services will remain locked unless action is taken, the cybercriminals behind this scam create a sense of panic and urgency. Combined, all these techniques motivate users to proceed with verifying their identity.

Despite these attempts, eagle-eyed recipients should be able to spot several red flags within the email that point to its illegitimacy. These include spelling errors like ‘your online banking will remain blocked until you verify your identy’.

As a precaution, we urge you not to click links within emails that:

  • Are not addressed to you by name.
  • Appear to be from a legitimate company but use poor English, or omit personal details that a legitimate sender would include.
  • Are from businesses that you were not expecting to hear from.
  • Take you to a landing page or website that is not the legitimate URL of the company the email is purporting to be sent from. The URL for Westpac’s internet banking login page is: https://online.westpac.com.au
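The sender and landing-page checks described in this article can be automated. The Python code below is an added example, not MailGuard's own code: it flags a message whose display name uses the brand while the sender domain is not westpac.com.au, and any link whose host contains "westpac" without sitting under westpac.com.au. The sample message, the link host and the single-domain trust list are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

BRAND = "westpac"
# Assumption: only the domain the article names as legitimate is trusted.
TRUSTED_DOMAIN = "westpac.com.au"

# Constructed sample message modelled on the article's description;
# the link host is a made-up placeholder under the reserved .example TLD.
SAMPLE = """\
From: Westpac Online Banking <a1b2c3@Westpac.com>
To: jane@recipient.example
Subject: Jane, your Westpac bank account is temporarily blocked
Content-Type: text/plain

Dear jane@recipient.example,
Your online banking will remain blocked until you verify your identy:
http://westpac.verify-login.example/signin
Genuine login page: https://online.westpac.com.au
"""

def is_trusted(host):
    """True only for the trusted domain itself or a subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return host == TRUSTED_DOMAIN or host.endswith("." + TRUSTED_DOMAIN)

def brand_spoof_findings(raw):
    """Return a list of reasons the message looks like brand impersonation."""
    msg = message_from_string(raw)
    findings = []
    display, addr = parseaddr(msg.get("From", ""))
    sender_host = addr.rpartition("@")[2]
    if BRAND in display.lower() and not is_trusted(sender_host):
        findings.append(f"display name uses brand, sender domain is {sender_host.lower()}")
    for url in re.findall(r"https?://[^\s<>\"']+", msg.get_payload()):
        host = urlsplit(url).hostname or ""
        if BRAND in host and not is_trusted(host):
            findings.append(f"brand in untrusted link host: {host}")
    return findings

if __name__ == "__main__":
    for finding in brand_spoof_findings(SAMPLE):
        print(finding)
```

A From header can be forged outright, so a mail filter would pair a check like this with SPF, DKIM and DMARC results rather than rely on it alone.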

Westpac offers a comprehensive online resource to help identify and report scams purporting to be from them. You can verify the authenticity of any contact you aren’t sure about, or report a scam, by calling 132 032 or emailing them at hoax@westpac.com.au.

Phishing preys on the weakest link in the IT security chain – users. Tricking someone into handing over their password is far simpler than breaking into a bolstered system. As a result, hackers use tactics such as brandjacking to manipulate users and obtain sensitive data.

Whilst MailGuard is stopping this email scam from reaching Australian businesses, we encourage all users to be extra vigilant against this kind of email and, whatever happens, not to open such emails or click on their links.

Don't get scammed

If your company’s email accounts aren’t protected, emails like the one above are almost certainly being received by your staff. Cybercriminals know people can be tricked; that’s why they send out millions of scam messages and put so much effort into making them look convincing.

People are not machines; we're all capable of making bad judgement calls. Without email filtering protecting your business, it’s just a matter of time before someone in your organisation has a momentary lapse of judgement and clicks on the wrong thing.

One email is all that it takes

All that it takes to break into your business is a cleverly-worded email message. If scammers can trick one person in your company into clicking on a malicious link, they can gain access to your data.

For a few dollars per staff member per month, you can protect your business with MailGuard's predictive and advanced email security.

Talk to a solution consultant at MailGuard today about securing your company's network.
