Akankasha Dewan, 27 February 2020 17:13:23 AEDT

Phishing email spoofing Westpac informs users their card has been put on ‘hold’

Cybercriminals have once again exploited Westpac Bank’s trademarks in a phishing email scam.

Titled ‘Westpac: You Have One New Important Message’, the malicious emails are infiltrating inboxes using the display name ‘Support’. They actually originate from a single compromised email address that was created ad hoc for this scam.

The email includes Westpac’s logo and is titled ‘Online Banking’. It informs you that the bank has placed ‘a hold on your card’ as it has detected usage in a different location. To resolve this problem, the email urges you to visit a branch, or click on a link to ‘get verified within minutes’.   

Here is a screenshot of the email:

[Screenshot: the phishing email]

Unsuspecting recipients who click on the link are led to a fake Westpac-branded login page:

[Screenshot: the fake Westpac-branded login page]

Upon inserting their customer ID and password, users are led to a page asking for their address:

[Screenshot: the page asking for the victim’s address]

Upon clicking 'continue', users are led to another page requiring them to insert their email address, password and telephone number:

[Screenshot: the page asking for email address, password and telephone number]

This is followed by a page asking for their credit card details:

[Screenshot: the page asking for credit card details]

The last page in this email scam confirms the successful completion of the ‘security check’; the victim is then redirected to the actual Westpac site.

[Screenshot: the ‘security check complete’ page]

The sole purpose of this elaborate phishing scam is to harvest the login credentials of Westpac customers so that the criminals behind it can break into their bank accounts.

By typing in your account number and password, you’re handing this sensitive account information to cybercriminals and enabling them to commit identity theft.

The hallmark of this scam lies in how authentic it looks. Cybercriminals have employed multiple techniques to boost its credibility. For instance, both the email and the corresponding phishing pages feature high-quality branding elements such as Westpac’s logo and layout.

Furthermore, the cybercriminals behind this scam have built several credibility cues into the email itself. These include:

  • The inclusion of Westpac’s support links and helpline in the footer of the email – a feature expected of a well-established bank like Westpac; and
  • An alarming subject line: informing recipients of ‘One New Important Message’ creates a sense of urgency and anxiety, which motivates users to act immediately without checking the email’s authenticity.

Combined, all these techniques motivate users to proceed with ‘reactivating’ their account.

As a precaution, we urge you not to click links within emails that:

  • Are not addressed to you by name.
  • Appear to be from a legitimate company but use poor English, or omit personal details that a legitimate sender would include.
  • Are from businesses that you were not expecting to hear from.
  • Take you to a landing page or website that is not the legitimate URL of the company the email is purporting to be sent from. The URL for Westpac’s internet banking login page is: https://online.westpac.com.au
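One way to check a message against the red flags just listed, as an added defender-side example (not MailGuard’s code): it assumes any host under westpac.com.au is first-party, treats the sender domain, the subject line and every link target as separate signals, and runs over a constructed sample email modelled on the one described above.

```python
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# The post names https://online.westpac.com.au as the legitimate login page;
# by assumption, any host under the registrable domain counts as first-party.
LEGIT_DOMAIN = "westpac.com.au"
URGENCY_PHRASES = ("important message", "hold on your card", "get verified")


class LinkExtractor(HTMLParser):
    """Collect every href from <a> tags in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.links += [v for k, v in attrs if k == "href" and v]


def is_first_party(host):
    # Exact match or a real subdomain only: a look-alike such as
    # online.westpac.com.au.example.net does not end with ".westpac.com.au".
    host = (host or "").lower().rstrip(".")
    return host == LEGIT_DOMAIN or host.endswith("." + LEGIT_DOMAIN)


def phishing_indicators(subject, from_header, html_body):
    """Return the red flags from the post that are present in one message."""
    flags = []
    _display, addr = parseaddr(from_header)
    sender_host = addr.rpartition("@")[2]
    if not is_first_party(sender_host):
        flags.append(f"sender domain {sender_host!r} is not first-party")
    if any(p in subject.lower() for p in URGENCY_PHRASES):
        flags.append(f"urgency lure in subject: {subject!r}")
    parser = LinkExtractor()
    parser.feed(html_body)
    for link in parser.links:
        if not is_first_party(urlparse(link).hostname):
            flags.append(f"link leads off-brand: {link}")
    return flags


# Constructed sample mirroring the post's email; not a real capture.
SAMPLE_SUBJECT = "Westpac: You Have One New Important Message"
SAMPLE_FROM = "Support <noreply@hijacked-mailbox.example.net>"
SAMPLE_HTML = (
    "<p>We have placed a hold on your card.</p>"
    '<a href="http://online.westpac.com.au.example.net/verify">get verified</a>'
    '<a href="https://www.westpac.com.au/contact-us/">Westpac support</a>'
)
```

The genuine support link in the footer passes while the look-alike ‘verify’ link is flagged, which is exactly why a real-looking footer is no proof of authenticity.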

Westpac offers a comprehensive online resource to help identify and report scams purporting to be from them. You can verify the authenticity of any contact you aren’t sure about, or report a scam, by calling 132 032 or emailing them at hoax@westpac.com.au.

Phishing preys on the weakest link in the IT security chain – users. Tricking someone into handing over their password is far simpler than breaking into a bolstered system. As a result, hackers use tactics such as brandjacking to manipulate users and obtain sensitive data.

Whilst MailGuard is stopping this email scam from reaching Australian businesses, we encourage all users to be extra vigilant against this kind of email and, whatever happens, not to open it or click on its links.

Don't get scammed

If your company’s email accounts aren’t protected, emails like the one above are almost certainly being received by your staff. Cybercriminals know people can be tricked; that’s why they send out millions of scam messages and put so much effort into making them look convincing.

People are not machines; we're all capable of making bad judgement calls. Without email filtering protecting your business, it’s just a matter of time before someone in your organisation has a momentary lapse of judgement and clicks on the wrong thing.

One email is all that it takes

All that it takes to break into your business is a cleverly-worded email message. If scammers can trick one person in your company into clicking on a malicious link they can gain access to your data.
