Sophisticated 0-Day Westpac Email Scam Targeting Australian Customers

Posted by Daniel Graziano on 09 October 2015 15:30:00 AEDT

MailGuard have identified and successfully blocked another variation of an email phishing scam currently being circulated by cyber criminals impersonating Westpac.

Here is a screenshot of the type of email to watch out for:

westpac-email-phishing-scam-confirmation-phone-number

As you can see in the email above, the subject of the email is, “Westpac: Your Details Have Changed”, whilst the sender is purported to be Westpac.

The recipient is addressed by their email, and instructed to update their phone number following a number of unsuccessful attempts to make contact with them.

westpac-email-phishing-scam-landing-page-verfication

Upon clicking the link within the email to update their details, the recipient is directed to a replica of the official Westpac login page. The cybercriminals have even replicated the Westpac virtual keyboard.

The inauthenticity of this phishing scam is clearly identifiable at this point by the URL, as well as the impersonal nature of the email.

Entering your login credentials into the form directs you to a fake Westpac account overview page.

westpac-phishing-scam-account-choice-form-completion

At this point, things get interesting.

Picture this.

It’s 11am. You’re swamped with work.

Checking your email every five minutes is completely normal.

An email arrives – it’s from your bank, Westpac. They’ve tried to call you numerous times, but had no success in reaching you.

Hmm... This could be urgent. You need to confirm your phone number.

No time to waste. The pile of work building up isn’t going to take care of itself.

It’ll only take 5 minutes to quickly change your details. Why not now?

Everything seems normal, you punch in your login details via the Westpac virtual keyboard.

Meanwhile, in real-time, an evil cybercriminal logs into your account with the details you’ve naively provided.

As you try to edit your account details, you’re prompted to enter your authorisation code.

A message appears on your phone. It’s your Westpac authorisation code.

westpace-email-scam-zero-day-authorisation-required

It’s part of Westpac’s two factor authentication.

You trust it.

You’ve entered it dozens of times. Why not now?

You enter your authorisation code exactly as it appears on your mobile.

westpac-banking-scam-redirect-official-authentication-timeout

You’re redirected to an official Westpac timeout landing page.

Bah! No time to handle this now, you’ve got things to do.

Meanwhile, the cybercriminal has access to your Westpac account – cunningly bypassing Westpac’s two-factor security authentication.

Let’s take a look at what this scammer now has access to:

  • Your Westpac bank account
  • Any associated cards linked to your account
  • The funds/credit you have at your disposal

This campaign forms part of a number of sophisticated 0-day Westpac scam emails we have identified and successfully protected our clients from.

All it takes is a simple oversight. A single lapse of attention to be infiltrated.

As a precaution, we urge you not to click links within emails that:

  • Are not addressed to you by name.
  • Appear to be from a legitimate company but use poor English or omit personal details that a legitimate sender would include.
  • Are from businesses that you were not expecting to hear from.
  • Take you to a landing page or website that is not the legitimate URL of the company the email is purporting to be sent from. The URL for Westpac’s internet banking login page is: https://online.westpac.com.au

Westpac offers a comprehensive online resource to help identify and report scams purporting to be from them. You can verify the authenticity of any contact you aren’t sure about, or report a scam, by calling 132 032 or emailing them at hoax@westpac.com.au.

Educating staff and employing cloud-based email and web filtering is your first and best line of defence. Compliment this multilayered defence with on premise antivirus, anti-malware and anti-spyware solutions. This will go a long way to mitigating the risk from a wide range of email scams.


Keep up to date on the latest email scams by subscribing to MailGuard’s weekly update or follow us on social media.

Keep Informed with Weekly Updates

^ Back to Top

Topics: Phishing Email Security Westpac Email Scam Zero Day

Back to Blog

Comments:


Something Powerful

Tell The Reader More

The headline and subheader tells us what you're offering, and the form header closes the deal. Over here you can explain why your offer is so great it's worth filling out a form for.

Remember:

  • Bullets are great
  • For spelling out benefits and
  • Turning visitors into leads.

Recent Posts

Posts by Topic

see all