Phishing email scam spoofing Westpac claims to detect ‘unusual activity’ in users’ bank accounts

Posted by Akankasha Dewan on 04 June 2019 15:04:46 AEST

The banking industry is increasingly becoming a favourite among cybercriminals. After intercepting multiple variations of an email scam spoofing NAB earlier today, MailGuard has now detected another phishing email scam purporting to be from Westpac.

Using a display name "Westpac Bank", the emails are actually sent by what appears to be a compromised account. The message body is in plain-text, advising recipients that some unusual activity was noticed on their account. Their account has been temporarily locked and a link is provided to re-activate their account.

Here is a screenshot of the email:

westpac phishing email

Unsuspecting recipients who click on the link are led to a Westpac branded phishing page, asking for their account ID and password:

westpac 2

Once they enter these details, they are taken to a second page asking for some personal information, such as date of birth, mobile number and driver’s license number.

westpac 3

When this second page is submitted, the user is shown a page stating their account is being verified, after a short pause they are redirected to the actual Westpac bank login page.

Whilst this attempt isn’t as sophisticated as many other examples we have seen, it will still fool less vigilant recipients into entering their login credentials. Here are certain signs that point to this email’s illegitimacy:

Signs this is a scam

  • The plain-text email has no branding or customised information. It starts with ‘we noticed some unusual activity in your account’ with no further details about this activity.
  • There are several grammatical inconsistencies such as ‘Sign On here’, and the lack of proper punctuation(‘re activate’).
  • Real banks never direct their customers to click a link to sign in to resolve an issue


As a precaution, we urge you not to click links within emails that:

  • Are not addressed to you by name.
  • Appear to be from a legitimate company but use poor English, or omit personal details that a legitimate sender would include.
  • Are from businesses that you were not expecting to hear from.
  • Take you to a landing page or website that is not the legitimate URL of the company the email is purporting to be sent from. The URL for Westpac’s internet banking login page is:

Westpac offers a comprehensive online resource to help identify and report scams purporting to be from them. You can verify the authenticity of any contact you aren’t sure about, or report a scam, by calling 132 032 or emailing them at

Phishing preys on the weakest link in the IT security chain – users. Tricking someone into handing over their password is far simpler than breaking into a bolstered system. As a result, hackers use tactics such as brandjacking to manipulate users and obtain sensitive data.


Stop email fraud

Cybercriminals know we can be tricked; that’s why they send out millions of scam messages and put so much effort into making them look convincing.

People aren't machines; we're all capable of making bad judgement calls. Without email filtering protecting your inbox, it’s all too easy to have a momentary lapse of judgement and click on the wrong thing.

For a few dollars per month, you can protect your inbox with MailGuard's predictive email security.

Talk to an expert at MailGuard today about making your email secure: click here.


Stay up-to-date with new posts on the MailGuard Blog by subscribing to free updates. Click on the button below:

Keep Informed with Weekly Updates




Topics: Phishing ANZ email fraud ANZ scam scam email Threat Update bank scam

Back to Blog


    Something Powerful

    Tell The Reader More

    The headline and subheader tells us what you're offering, and the form header closes the deal. Over here you can explain why your offer is so great it's worth filling out a form for.


    • Bullets are great
    • For spelling out benefits and
    • Turning visitors into leads.

    Recent Posts

    Posts by Topic

    see all