The Westpac Bank Phishing Scam
Westpac [no-reply41356 @hlc1.westpac.com.au]
This is an automated message to notify you that we detected a login attempt with a valid password to your account from an unrecognized device yesterday @
Location: NICARAGUA, MANAGUA,IP=188.8.131.52 Latitude, Longitude: 42.26353, -75.2059 Connection through: TELEMATIX/ENITEL Local Time: 2013 08:29 PM (UTC -06:00) IDD Code: 505 Weather Station: MANAGUA (NUXX0004) Usage Type: ISP
Was this you? If so, you can disregard the rest of this email. If this wasn't you kindly follow the account review link:
http://login.westpac.com .au.ia-6804.serv-91. webhop.info/an/index .php?r=3965418253
Westpac Bank Customer Care
2013 Westpac Financial Corporation. All Rights reserved
E-mail ID: 70409795
This email message claims that someone signed into the recipient's account from a particular location and the recipient should click the link within if they were not the one who signed in from that location. This is a trick to convince the recipient into clicking on the link, which will take him/her to a phishing or fake Westpac sign in or login page.
If the recipient enters his/her Westpac username and password on this bogus or fraudulent website, it will be sent to the scammers behind this fraudulent email message and website. With the recipient’s username and password, these scammers will be able to gain access to that person’s Westpac accounts.
For the link in the email address, if you look at it, you will notice that it ends with "login.westpac.com.au". Now, a lot of persons will look at this and think the link goes to the Westpac website located at http://westpac.com.au, but it does not. The link actually goes to the website "webhop.info".
What the scammers have done is to create subdomain names at the webhop.info website with the name "login.westpac.com.au". The subdomains are the names after the dots (".") in the website name, moving from the right to the left.
Here is an example:
If I create the subdomains "login.westpac.com.au" at onlinethreatalerts.com, this is how the website address would look:
Although the website has westpac.com in it, it does go there; instead, it will go to onlinethreatalerts.com. When looking at a domain or website name, always read it from right to left.
This type of subdomain creating is called "Domain Cloaking" and cybercriminals use this technique to trick persons into believing that they are on a legitimate website.
If you were tricked by this email message into clicking on the phishing link and have entered your Westpac username and password on the phishing web page, please change your Westpac password now or contact Westpac immediately.
Never click on a link to login or sign into any of your online accounts, instead, type the name of the website address into your web browser address bar. Once you are on the homepage of the website, you may navigate to the login or sign-in page.
Westpac bank says: "If you happen to get these emails in future did you know you can forward to email@example.com so our security team can investigate the origin and hopefully shut these fraudsters down."
Check the comment section below for additional information, share what you know, or ask a question about this article by leaving a comment below. And, to quickly find answers to your questions, use our search
Note: Some of the information in samples on this website may have been impersonated or spoofed.
Comments, Questions, Answers, or Reviews
To protect your privacy, please do not post or remove sensitive information in or from your comments, questions, or reviews. NB: We will use your IP address to display your approximate location to other users when you make a post. That location is not enough to find you.
Your comment, answer, or review will be set as anonymous because you are not signed in. An anonymous comment, answer, or review cannot be edited or deleted, therefore, review it carefully before posting. Sign-in.
Write Your Comment, Question, Answer, or Review