Westpac customers are being told to be on the lookout for a new phishing scam hitting Aussie inboxes.
According to email filtering company, MailGuard, the “low-tech phishing attempt” has been sent out to a relatively small number of recipients thus far.
The email shows the subject line ‘Your account is locked’ and says the person’s account has been temporarily locked “as a result of technical issues detected”. Recipients are told to click a link to unlock their internet banking access.
The link takes victims to a replica of the Westpac banking website, hosted on the unrelated domain of a Tanzanian guesthouse, which was the company said was likely compromised in an earlier cyber hack.
It said that victims are then told to enter their customer ID and password.
“This is a ploy by the cybercriminals behind this campaign to steal and record log-in information, allowing them to access victims’ accounts and transfer money into their own hands,” MailGuard said in a blog post.
The company said that while the fraud email contains many indications it is a scam, the fact it’s sent from the forged address (email@example.com) may trip up some recipients.
The company detailed a list of indicators for users to identify that this email campaign is a scam. They are:
The plain-text email has no branding or customised information. It starts with a generic ‘This is to inform you’ message
Words are inconsistently capitalised (see Locked/locked and RESOLVE IT HERE).
Real banks never direct their customers to click a link to sign in to resolve an issue
By hovering over the link you can see where it really takes you – in this case an accommodation provider based in Tanzania
On the fake Westpac site’s URL you’ll see a padlock with a red line through it, which indicates the website is not secure.
The real Westpac site, https://www.westpac.com.au/, has a green padlock, indicating it is safe to use.
Further, the company has listed a generic set of guidelines for identifying phishing email campaign or other type of scam. They Include:
A heightened sense of urgency in the email
Bad grammar, poor spelling, misuse of punctuation
An attempt to ‘verify’ your information such as user name or password
Illegitimate links (hover over them and you can tell straight away)
Generic throughout, with no use of personalisation
Obscure sending addresses
Distorted logos or poor-quality graphics in the email body.
The scam follows two recent attempts by cybercriminals to impersonate government agencies in an attempt to steal user credentials. In March, Australian business owners were warned to avoid clicking a malicious email claiming to be from the Australian Securities & Investments Commission (ASIC), with the high-risk message containing hidden ransomware.
A month later another campaign was discovered, this time cybercriminals attempted to impersonate the NSW Roads & Maritime Services department.
That attack mimicked an ‘E-Toll account statement’ and carries the actual branding for Roads & Maritime, the logo for NSW Transport, Roads & Maritime Services, and a realistic privacy statement, recycling message and other appropriate language.