Users of Westpac Bank’s online banking services are advised to be on the lookout for a malicious email purporting to be from the bank. The email was first detected by MailGuard on the 5th of December evening (AEST).
The emails are infiltrating inboxes using the display name "Westpac New Zealand" and display the compromised mailbox used to send the message. Cybercriminals behind this email scam have also disguised the To: field by using "Recipients" as the recipient display name. The sender’s email address is again visible here.
The message body includes the Westpac logo at the top and a footer for "2019 Westpac New Zealand". It thanks the recipient for using “Westpac One online services “and informs them that they need to validate their account to “start managing transactions securely and safe”. A link is provided to validate and ensure their account will be active for latest "security guardian guarantee"
Here is a screenshot of the email:
Unsuspecting recipients who click on the link to ‘validate’ their account are led to a page that’s currently displaying a ‘404 error’.
It is suspected that the sole purpose of this email scam is to harvest personal details of Westpac customers so the criminals behind this scam can break into their bank accounts.
Cybercriminals have employed multiple techniques to boost this email’s credibility. These include:
- use of a major brand name to inspire false trust; the usage of the supposed ‘Westpac’ display name boosts the email's credibility,
- inclusion of high-quality branding elements like Westpac’s logo & branding that are typically present in notifications from the bank and,
- false urgency; a subject line such as ‘RESPOND NOW’ creates a sense of panic and anxiety.
Despite these techniques, eagle-eyed recipients should be able to spot several red flags that point to the email’s illegitimacy. For instance, no personal information of the recipient is included in the message body. In addition, while the link in the email to ‘validate’ user’s account appears legitimate, hovering over the link would indicate that it does not go to the bank.westpac.co.nz.
As a precaution, we urge you not to click links within emails that:
- Are not addressed to you by name.
- Appear to be from a legitimate company but use poor English, or omit personal details that a legitimate sender would include.
- Are from businesses that you were not expecting to hear from.
- Take you to a landing page or website that is not the legitimate URL of the company the email is purporting to be sent from. The URL for Westpac’s internet banking login page is: https://online.westpac.com.au
Westpac offers a comprehensive online resource to help identify and report scams purporting to be from them. You can verify the authenticity of any contact you aren’t sure about, or report a scam, by calling 132 032 or emailing them at firstname.lastname@example.org.
Phishing preys on the weakest link in the IT security chain – users. Tricking someone into handing over their password is far simpler than breaking into a bolstered system. As a result, hackers use tactics such as brandjacking to manipulate users and obtain sensitive data.
Whilst MailGuard is stopping this email scam from reaching Australian businesses, we encourage all users to be extra vigilant against this kind of email and whatever happens, do not open or click them.
Don't get scammed
If your company’s email accounts aren’t protected, emails like the one above are almost certainly being received by your staff. Cybercriminals know people can be tricked; that’s why they send out millions of scam messages and put so much effort into making them look convincing.
People are not machines; we're all capable of making bad judgement calls. Without email filtering protecting your business, it’s just a matter of time before someone in your organisation has a momentary lapse of judgement and clicks on the wrong thing.
For a few dollars per staff member per month, you can protect your business with MailGuard's predictive and advanced email security.
Talk to a solution consultant at MailGuard today about securing your company's network.
Why not stay up-to-date with MailGuard's latest blog posts by subscribing to free updates? Subscribe to weekly updates by clicking on the button below.