Heads-up: Your Westpac account hasn’t really been locked

Posted by Jaclyn McRae on 07 June 2017 15:25:49 AEST

 A low-tech phishing attempt is currently targeting Westpac customers.

The email scam, with the subject line ‘Your account is locked’ has been distributed to a relatively small number of recipients. It says the person’s account has been temporarily locked “as a result of technical issues detected”.

Recipients are told to click a link to unlock their internet banking access.

The link takes victims to a replica of the Westpac banking website, hosted on the unrelated domain of a Tanzanian guesthouse, which was likely compromised in an earlier cyber hack.

Your Account Is Locked - Mozilla Thunderbird_001.png

Here, they’re told to enter their customer ID and password. This is a ploy by the cybercriminals behind this campaign to steal and record log-in information, allowing them to access victims’ accounts and transfer money into their own hands.

Westpac Online Banking registration - personal banking - Westpac Online Banking - Mozilla Firefox_002.png

While the fraud email contains many indications it is a scam, the fact it’s sent from the forged address ccapplications@westpac.com.au may trip up some recipients.

Signs this is a scam

  • The plain-text email has no branding or customised information. It starts with a generic ‘This is to inform you’ message
  • Words are inconsistently capitalised (see Locked/locked and RESOLVE IT HERE).
  • Real banks never direct their customers to click a link to sign in to resolve an issue
  • By hovering over the link you can see where it really takes you – in this case an accommodation provider based in Tanzania
  • On the fake Westpac site’s URL you’ll see a padlock with a red line through it, which indicates the website is not secure.
  • The real Westpac site, https://www.westpac.com.au/, has a green padlock, indicating it is safe to use.

How to spot a phishing scam

  • A heightened sense of urgency in the email
  • Bad grammar, poor spelling, misuse of punctuation
  • An attempt to ‘verify’ your information such as user name or password
  • Illegitimate links (hover over them and you can tell straight away)
  • Generic throughout, with no use of personalisation
  • Obscure sending addresses
  • Distorted logos or poor-quality graphics in the email body.

For a few dollars per staff member per month, add MailGuard's cloud-based email and web filtering solution to your business security. You’ll significantly reduce the risk of new variants of malicious email from entering your network.

Keep Informed with Weekly Updates


^ Back to Top

Topics: Phishing Westpac Email Scam Westpac Bank Cybersecurity cybercrime

Back to Blog


    Something Powerful

    Tell The Reader More

    The headline and subheader tells us what you're offering, and the form header closes the deal. Over here you can explain why your offer is so great it's worth filling out a form for.


    • Bullets are great
    • For spelling out benefits and
    • Turning visitors into leads.

    Recent Posts

    Posts by Topic

    see all