The banking industry is increasingly becoming a favourite among cybercriminals. After intercepting multiple variations of an email scam spoofing NAB earlier today, MailGuard has now detected another phishing email scam purporting to be from Westpac.
Using a display name “Westpac Bank”, the emails are actually sent by what appears to be a compromised account. The message body is in plain-text, advising recipients that some unusual activity was noticed on their account. Their account has been temporarily locked and a link is provided to re-activate their account (see ‘westpac phishing email’).
Unsuspecting recipients who click on the link are led to a Westpac branded phishing page, asking for their account ID and password (see westpac 2).
Once they enter these details, they are taken to a second page asking for some personal information, such as date of birth, mobile number and driver’s license number (see westpac 3).
When this second page is submitted, the user is shown a page stating their account is being verified, after a short pause they are redirected to the actual Westpac bank login page.
Whilst this attempt isn’t as sophisticated as many other examples we have seen, it will still fool less vigilant recipients into entering their login credentials. Here are certain signs that point to this email’s illegitimacy:
The plain-text email has no branding or customised information. It starts with ‘we noticed some unusual activity in your account’ with no further details about this activity.There are several grammatical inconsistencies such as ‘Sign On here’, and the lack of proper punctuation (‘re activate’).Real banks never direct their customers to click a link to sign in to resolve an issue
As ..
Support the originator by clicking the read the rest link below.
