A low-tech phishing attempt is currently targeting Westpac customers.
The email scam, with the subject line ‘Your account is locked’ has been distributed to a relatively small number of recipients. It says the person’s account has been temporarily locked “as a result of technical issues detected”.
Recipients are told to click a link to unlock their internet banking access.
The link takes victims to a replica of the Westpac banking website, hosted on the unrelated domain of a Tanzanian guesthouse, which was likely compromised in an earlier cyber hack.
Here, they’re told to enter their customer ID and password. This is a ploy by the cybercriminals behind this campaign to steal and record log-in information, allowing them to access victims’ accounts and transfer money into their own hands.
While the fraud email contains many indications it is a scam, the fact it’s sent from the forged address ccapplications@westpac.com.au may trip up some recipients.
Signs this is a scam
How to spot a phishing scam
For a few dollars per staff member per month, add MailGuard's cloud-based email and web filtering solution to your business security. You’ll significantly reduce the risk of new variants of malicious email from entering your network.