Daniel Graziano, 09 October 2015 15:30:00 AEDT

Sophisticated 0-Day Westpac Email Scam Targeting Australian Customers

MailGuard have identified and successfully blocked another variation of an email phishing scam currently being circulated by cyber criminals impersonating Westpac.

Here is a screenshot of the type of email to watch out for:

[Screenshot: Westpac phishing email asking the recipient to confirm their phone number]

As you can see in the email above, the subject of the email is, “Westpac: Your Details Have Changed”, whilst the sender is purported to be Westpac.

The recipient is addressed by their email address, and instructed to update their phone number following a number of unsuccessful attempts to make contact with them.

[Screenshot: phishing landing page used for verification]

Upon clicking the link within the email to update their details, the recipient is directed to a replica of the official Westpac login page. The cybercriminals have even replicated the Westpac virtual keyboard.

At this point the scam is clearly identifiable as inauthentic from the URL, as well as from the impersonal nature of the email.

Entering your login credentials into the form directs you to a fake Westpac account overview page.

[Screenshot: fake account overview page with account choice form]

At this point, things get interesting.

Picture this.

It’s 11am. You’re swamped with work.

Checking your email every five minutes is completely normal.

An email arrives – it’s from your bank, Westpac. They’ve tried to call you numerous times, but had no success in reaching you.

Hmm... This could be urgent. You need to confirm your phone number.

No time to waste. The pile of work building up isn’t going to take care of itself.

It’ll only take 5 minutes to quickly change your details. Why not now?

Everything seems normal. You punch in your login details via the Westpac virtual keyboard.

Meanwhile, in real time, an evil cybercriminal logs into your account with the details you’ve naively provided.

As you try to edit your account details, you’re prompted to enter your authorisation code.

A message appears on your phone. It’s your Westpac authorisation code.

[Screenshot: authorisation code required prompt]

It’s part of Westpac’s two factor authentication.

You trust it.

You’ve entered it dozens of times. Why not now?

You enter your authorisation code exactly as it appears on your mobile.

[Screenshot: redirect to the official Westpac timeout page]

You’re redirected to an official Westpac timeout landing page.

Bah! No time to handle this now, you’ve got things to do.

Meanwhile, the cybercriminal has access to your Westpac account – cunningly bypassing Westpac’s two-factor security authentication.

Let’s take a look at what this scammer now has access to:

  • Your Westpac bank account
  • Any associated cards linked to your account
  • The funds/credit you have at your disposal

This campaign forms part of a number of sophisticated 0-day Westpac scam emails we have identified and successfully protected our clients from.

All it takes to be infiltrated is a simple oversight, a single lapse of attention.

As a precaution, we urge you not to click links within emails that:

  • Are not addressed to you by name.
  • Appear to be from a legitimate company but use poor English or omit personal details that a legitimate sender would include.
  • Are from businesses that you were not expecting to hear from.
  • Take you to a landing page or website that is not the legitimate URL of the company the email is purporting to be sent from. The URL for Westpac’s internet banking login page is: https://online.westpac.com.au
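The URL check in the last point can be automated in a mail filter. The following is an added example, not MailGuard's or Westpac's code: it extracts the links from a Westpac-branded email and flags any whose real host is not on the bank's domain. The function names, the sample email and the `.example` hosts are constructed, and treating every subdomain of `westpac.com.au` as legitimate is an assumption.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# westpac.com.au appears in the article (login URL and hoax@ address); treating
# every subdomain of it as legitimate is an assumption of this example.
LEGIT_DOMAIN = "westpac.com.au"


class LinkCollector(HTMLParser):
    """Collect the href of every <a> tag in an HTML email body."""

    def __init__(self):
        super().__init__()
        self.links = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.links.extend(v for k, v in attrs if k == "href" and v)


def is_legitimate(url):
    """True only for an https URL whose real host is on the bank's domain."""
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").lower().rstrip(".")
    except ValueError:  # malformed netloc, e.g. broken IPv6 brackets
        return False
    # Compare on a label boundary so "notwestpac.com.au" does not match.
    on_domain = host == LEGIT_DOMAIN or host.endswith("." + LEGIT_DOMAIN)
    # Text before '@' is userinfo, not the host, so reject it outright.
    has_userinfo = parts.username is not None
    return parts.scheme == "https" and on_domain and not has_userinfo


def mismatched_links(html_body):
    """Return links in a Westpac-branded email that do not lead to Westpac."""
    collector = LinkCollector()
    collector.feed(html_body)
    return [u for u in collector.links if not is_legitimate(u)]


# Constructed sample body; the .example hosts and the IP are placeholders.
SAMPLE_EMAIL = """
<p>We were unable to reach you. Please confirm your phone number.</p>
<a href="https://online.westpac.com.au/">Real login page</a>
<a href="https://online.westpac.com.au.verify-details.example/">Bank host as prefix</a>
<a href="https://online.westpac.com.au@203.0.113.7/login">Bank host as userinfo</a>
<a href="http://westpac.com.au-update.example/">Hyphenated lookalike</a>
"""
```

The comparison is made on the parsed hostname rather than on the raw string, because the bank's hostname can appear anywhere in a URL without being the host the browser actually connects to.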

Westpac offers a comprehensive online resource to help identify and report scams purporting to be from them. You can verify the authenticity of any contact you aren’t sure about, or report a scam, by calling 132 032 or emailing them at hoax@westpac.com.au.

Educating staff and employing cloud-based email and web filtering is your first and best line of defence. Complement this multilayered defence with on-premises antivirus, anti-malware and anti-spyware solutions. This will go a long way to mitigating the risk from a wide range of email scams.

