Westpac customers have been targeted by criminals in a malicious email campaign this week that attempts to collect their personal and banking information.
Australian cybersecurity firm MailGuard on Wednesday detected the suspect emails, which are pretending to be from Westpac and designed to alarm customers with the subject “Your account is locked”.
“It says the person’s account has been temporarily locked ‘as a result of technical issues detected’,” said MailGuard founder and chief Craig McDonald. “Recipients are told to click a link to unlock their internet banking access.”
Upon clicking the link, the user is taken to a fake Westpac login page hosted under the internet domain of a Tanzanian guesthouse, which MailGuard suspects is a victim of hacking itself.
Once an unsuspecting user enters their Westpac customer ID and password into the phishing page, the damage is done: the criminals use the credentials to log in to the real Westpac online banking site and transfer money to themselves.
The “from” email address in the email was successfully faked as [email protected], which may dupe some recipients. But McDonald said that there were still several telltale signs that it wasn’t an authentic message from the bank.
“The plain-text email has no branding or customised information. It starts with a generic ‘This is to inform you’ message,” he said. “Words are inconsistently capitalised — see ‘Locked/locked’ and ‘RESOLVE IT HERE’.”
The security expert added that authentic bank messages would never instruct customers to click a link to resolve an issue, a point Westpac itself makes on its online scam advice page.
McDonald also said the browser address bar should show a padlock with a red strikeout line through it when the fake Westpac login page is loaded, to point out that the site is not secure.
“The real Westpac site has a green padlock, indicating it is safe to use.”
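As an added example (not part of the article and not MailGuard's or Westpac's tooling), the script below turns the telltale signs described above into simple heuristics and runs them over a constructed sample message; the sender address, link host and body wording are assumed placeholders, not details captured from the real campaign.

```python
# Added example (not from the article): heuristic check for the phishing
# indicators described above, run over a constructed sample message.
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample; sender address and link host are placeholders, not IoCs.
SAMPLE_EMAIL = """\
From: Westpac <alerts@westpac.com.au>
To: customer@example.net
Subject: Your account is locked
Content-Type: text/plain

This is to inform you that your account has been temporarily Locked
as a result of technical issues detected. Your account will remain locked
until you unlock your internet banking access. RESOLVE IT HERE:
http://guesthouse.example.com/westpac/login
"""

def check_indicators(raw_email):
    """Return the phishing indicators found in a raw RFC 5322 message."""
    msg = message_from_string(raw_email)
    body = msg.get_payload()
    hits = []
    if re.search(r"account is locked", msg.get("Subject", ""), re.I):
        hits.append("alarming subject")
    if re.match(r"\s*this is to inform you", body, re.I):
        hits.append("generic opening")
    if re.search(r"\b[A-Z]{4,}(?:\s+[A-Z]{2,})+\b", body):
        hits.append("all-caps call to action")
    # A word Capitalised mid-sentence that also appears in lowercase elsewhere.
    lowercase = set(re.findall(r"\b[a-z]{4,}\b", body))
    mid_sentence = re.findall(r"\b[a-z]+\s+([A-Z][a-z]{3,})\b", body)
    for word in sorted({w for w in mid_sentence if w.lower() in lowercase}):
        hits.append(f"inconsistent capitalisation {word}/{word.lower()}")
    # The From header is trivially spoofed, so compare the domain it claims
    # with where the links actually lead; a mismatch is the strongest signal.
    claimed = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    for link in re.findall(r"https?://[^\s<>\"']+", body):
        parsed = urlparse(link)
        host = (parsed.hostname or "").lower()
        if host != claimed and not host.endswith("." + claimed):
            hits.append(f"link host {host} outside sender domain {claimed}")
        if parsed.scheme == "http":
            hits.append(f"link to {host} is not HTTPS")
    return hits
if __name__ == "__main__":
    for hit in check_indicators(SAMPLE_EMAIL):
        print("-", hit)
```

A message that passes every check is not thereby safe; these heuristics complement, and do not replace, SPF/DKIM/DMARC verification at the mail gateway.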
Westpac has advised customers who may have entered information into the phishing page to contact it immediately. People who receive suspect emails can forward them to [email protected] for investigation.