Akankasha Dewan 30 September 2019 17:03:25 AEST 4 MIN READ

Phishing email supposedly from Westpac reminds users of the ‘end of tax season’

Cybercriminals have once again exploited Westpac Bank’s trademarks in a phishing email scam.

MailGuard first detected these emails infiltrating inboxes around mid-day (AEST) today, the 30th of September. The email originates from many different email addresses all belonging to the same compromised domain. Using a display name of ‘Westpac’, each message comes from a different sender address and contains a unique phishing URL.

The body of the emails warn users that because "irregular activity has been detected”, their Westpac accounts have been “restricted”. The email then invites the user to click on a button to reactivate their accounts.  

Here are a couple of screenshots of the email:


Unsuspecting recipients who click on the button to reactivate their accounts are led to a to a phishing web page, reproduced by the scammers with great accuracy. Here a login form asks for Customer ID and Password,  as seen in the screenshot below:


After ‘signing in’, users are led to another fake Westpac-branded page that requests them for their credit card details (Card Number, Expiry Date a Security code CVV):


Once submitted, the page simulates a mistyping error in the credentials just inserted. Here’s a screenshot:


This sole purpose of this elaborate phishing scam is to harvest the login credentials of Wespac customers so the criminals behind this scam can break into their bank accounts.

By typing in your account number and password, you’re handing this sensitive account information to cybercriminals and enabling them to commit identity theft.

The hallmark of this scam lies in how authentic it looks. Cybercriminals have employed multiple techniques to boost its credibility. For instance, both the email and the corresponding phishing pages feature high quality branding elements such as WestPac’s logo & layout. The name ‘Westpac’ has also been included in the URL and in the sender address for added credibility. Interestingly, the header of the email also reminds users of the end of ‘tax season’ – a timely reminder likely expected from such a well-established bank such as Westpac. Combined, all these techniques motivate the users to proceed forward in ‘reactivating’ their account.

As a precaution, we urge you not to click links within emails that:

  • Are not addressed to you by name.
  • Appear to be from a legitimate company but use poor English, or omit personal details that a legitimate sender would include.
  • Are from businesses that you were not expecting to hear from.
  • Take you to a landing page or website that is not the legitimate URL of the company the email is purporting to be sent from. The URL for Westpac’s internet banking login page is: https://online.westpac.com.au

Westpac offers a comprehensive online resource to help identify and report scams purporting to be from them. You can verify the authenticity of any contact you aren’t sure about, or report a scam, by calling 132 032 or emailing them at hoax@westpac.com.au.

Phishing preys on the weakest link in the IT security chain – users. Tricking someone into handing over their password is far simpler than breaking into a bolstered system. As a result, hackers use tactics such as brandjacking to manipulate users and obtain sensitive data.

Whilst MailGuard is stopping this email scam from reaching Australian businesses, we encourage all users to be extra vigilant against this kind of email and whatever happens, do not open or click them.

Don't get scammed

If your company’s email accounts aren’t protected, emails like the one above are almost certainly being received by your staff. Cybercriminals know people can be tricked; that’s why they send out millions of scam messages and put so much effort into making them look convincing.

People are not machines; we're all capable of making bad judgement calls. Without email filtering protecting your business, it’s just a matter of time before someone in your organisation has a momentary lapse of judgement and clicks on the wrong thing.

One email

Cybercriminals use email scams to infiltrate organisations with malware and attack them from the inside. All criminals need to break into your business is a cleverly-worded message. If they can trick one person in your company into clicking on a malicious link they can gain access to your data.

For a few dollars per staff member per month, you can protect your business with MailGuard's predictive and advanced email security.

Talk to a solution consultant at MailGuard today about securing your company's network. 


Why not stay up-to-date with MailGuard's latest blog posts by subscribing to free updates? Subscribe to weekly updates by clicking on the button below.

Keep Informed with Weekly Updates