"Westpac Bank Detected a Login Attempt from an Unrecognized Device" Phishing Email Scam

The Westpac bank phishing email message below, which claims that an attempt with a valid password was made from an unrecognized device, are being sent by cybercriminals to steal Westpac online users' login username and password. Therefore, Westpac customers who have received the same emails are asked not to follow the instructions in them, they should delete them instead.

Westpac Bank Detected a Login Attempt from an Unrecognized Device Phishing Email Scam

The Westpac Bank Phishing Scam

Westpac [no-reply41356 @hlc1.westpac.com.au]

This is an automated message to notify you that we detected a login attempt with a valid password to your account from an unrecognized device yesterday @

Location: NICARAGUA, MANAGUA,IP= Latitude, Longitude: 42.26353, -75.2059 Connection through: TELEMATIX/ENITEL Local Time: 2013 08:29 PM (UTC -06:00) IDD Code: 505 Weather Station: MANAGUA (NUXX0004) Usage Type: ISP

Was this you? If so, you can disregard the rest of this email. If this wasn't you kindly follow the account review link:

http://login.westpac.com .au.ia-6804.serv-91. webhop.info/an/index .php?r=3965418253

Westpac Bank Customer Care
2013 Westpac Financial Corporation. All Rights reserved
E-mail ID: 70409795

This email message claims that someone signed into the recipient's account from a particular location and the recipient should click the link within if they were not the one who signed in from that location. This is a trick to convince the recipient into clicking on the link, which will take him/her to a phishing or fake Westpac sign in or login page.

If the recipient enters his/her Westpac username and password on this bogus or fraudulent website, it will be sent to the scammers behind this fraudulent email message and website. With the recipient’s username and password, these scammers will be able to gain access to that person’s Westpac accounts.

For the link in the email address, if you look at it, you will notice that it ends with "login.westpac.com.au". Now, a lot of persons will look at this and think the link goes to the Westpac website located at http://westpac.com.au, but it does not. The link actually goes to the website "webhop.info".

What the scammers have done is to create subdomain names at the webhop.info website with the name "login.westpac.com.au". The subdomains are the names after the dots (".") in the website name, moving from the right to the left.

Here is an example:

If I create the subdomains "login.westpac.com.au" at onlinethreatalerts.com, this is how the website address would look:
http://login.westpac.com.au. onlinethreatalerts.com

Although the website has westpac.com in it, it does go there; instead, it will go to onlinethreatalerts.com. When looking at a domain or website name, always read it from right to left.

This type of subdomain creating is called "Domain Cloaking" and cybercriminals use this technique to trick persons into believing that they are on a legitimate website.

If you were tricked by this email message into clicking on the phishing link and have entered your Westpac username and password on the phishing web page, please change your Westpac password now or contact Westpac immediately.

Never click on a link to login or sign into any of your online accounts, instead, type the name of the website address into your web browser address bar. Once you are on the homepage of the website, you may navigate to the login or sign-in page.

Westpac bank says: "If you happen to get these emails in future did you know you can forward to hoax@westpac.com.au so our security team can investigate the origin and hopefully shut these fraudsters down."

Check the comment section below for additional information, share what you know, or ask a question about this article by leaving a comment below. And, to quickly find answers to your questions, use our search Search engine.

Note: Some of the information in samples on this website may have been impersonated or spoofed.
Was this article helpful?  +
Share this with others:

Comments, Questions, Answers, or Reviews

There are no comments as yet, please leave one below or revisit.

To protect your privacy, please remove sensitive information from your comments, questions, or reviews. We will use your IP address to display your approximate location to other users when you make a post. That location is not enough to find you.

Your post will be set as anonymous because you are not signed in. An anonymous post cannot be edited or deleted, therefore, review it carefully before posting. Sign-in.

Write Your Comment, Question, Answer, or Review

"Westpac Bank Detected a Login Attempt from an Unrecognized Device" Phishing Email Scam