Westpac users are advised not to panic if they receive a legitimate-looking email spoofing the bank, advising them to verify their account details.
This is a phishing scam designed to harvest confidential data. The hallmark of this scam lies in not only how well-crafted it is, but how it ironically utilises safety features to trick users.
First intercepted yesterday afternoon, the 6th of November, the email uses a display name of "Westpac" with a sender domain to match. The email actually originates from a forged sender that is located in Argentina.
The email is titled ‘Security Alert’, and its body begins with the words ‘Privacy & Security’. It advises the recipient that due to ‘the high increase of online fraud’, Westpac is ‘validating the customers randomly to verify the details belongs to their identity and account’. The recipient has been ‘selected’ to verify his or her details and is invited to click on a link to do so.
Here is a screenshot of the email:
Unsuspecting recipients who click on the button to ‘Verify Now’ are led to a legitimate-looking ‘Westpac Live Online Banking’ page which asks for their Customer ID and Password. Here is a screenshot of the page:
Upon ‘signing in’, users are led to another fake Westpac-branded page that asks for their personal information and credit card details, as per the below:
After inserting all the required fields and clicking ‘continue’, users are taken a third and last page that asks for their email and password:
After clicking on ‘confirm your email address’, users are finally redirected to the authentic Westpac webpage.
This sole purpose of this elaborate phishing scam is to harvest the login credentials of Westpac customers so the criminals behind this scam can break into their bank accounts.
By typing in your account number and password, you’re handing this sensitive account information to cybercriminals and enabling them to commit identity theft.
Cybercriminals have employed multiple techniques to boost the credibility of this scam. For instance, both the email and the corresponding phishing pages feature high quality branding elements such as Westpac’s logo & layout. The name ‘Westpac’ has also been included in the URL and in the sender address for added credibility. It is also interesting to note that the email and the phishing pages are, ironically, focused on securing the users’ banking accounts via ID verification. This only adds on to the sense of legitimacy evoked by the email as updates on account safety is a common notification expected of such a well-established bank. All this serves to elicit a more confident response from recipients who think they are, in fact, making their accounts more secure by clicking on the provided link and entering their confidential login details. By including the threat of ‘permanent account suspension’ should users fail to verify their data, cybercriminals behind this scam create a sense of panic and urgency. Combined, all these techniques motivate the users to proceed forward in ‘reactivating’ their account.
Despite these attempts, eagle-eyed recipients should be able to spot several red flags within the email that point to its illegitimacy. These include grammatical errors like ‘Westpac is validating the customers randomly to verify the details belongs to their identity and account, in that way the bank can be legally assure’.
As a precaution, we urge you not to click links within emails that:
- Are not addressed to you by name.
- Appear to be from a legitimate company but use poor English, or omit personal details that a legitimate sender would include.
- Are from businesses that you were not expecting to hear from.
- Take you to a landing page or website that is not the legitimate URL of the company the email is purporting to be sent from. The URL for Westpac’s internet banking login page is: https://online.westpac.com.au
Westpac offers a comprehensive online resource to help identify and report scams purporting to be from them. You can verify the authenticity of any contact you aren’t sure about, or report a scam, by calling 132 032 or emailing them at firstname.lastname@example.org.
Phishing preys on the weakest link in the IT security chain – users. Tricking someone into handing over their password is far simpler than breaking into a bolstered system. As a result, hackers use tactics such as brandjacking to manipulate users and obtain sensitive data.
Whilst MailGuard is stopping this email scam from reaching Australian businesses, we encourage all users to be extra vigilant against this kind of email and whatever happens, do not open or click them.
Don't get scammed
If your company’s email accounts aren’t protected, emails like the one above are almost certainly being received by your staff. Cybercriminals know people can be tricked; that’s why they send out millions of scam messages and put so much effort into making them look convincing.
People are not machines; we're all capable of making bad judgement calls. Without email filtering protecting your business, it’s just a matter of time before someone in your organisation has a momentary lapse of judgement and clicks on the wrong thing.
Is your business receiving criminal intent emails?
It's time to get the protection your business needs.
Cybercriminals use email scams to infiltrate organisations with malware and attack them from the inside. All criminals need to break into your business is a cleverly-worded message. If they can trick one person in your company into clicking on a malicious link they can gain access to your data.
Speak to the MailGuard team today to learn more how MailGuard's predictive and advanced email security can help protect your business for a few dollars per staff member per month.
Talk to a solution consultant at MailGuard today about securing your company's network.
Why not stay up-to-date with MailGuard's latest blog posts by subscribing to free updates? Subscribe to weekly updates by clicking on the button below.