Phishing Alert: “Bill Payment” Notification from Westpac

The customers of the Australian bank Westpac are once again targeted with phishing emails. This time, the bogus notifications inform recipients that their bill payment has been successfully processed.

The emails carry the subject line “Bill Payment – 02/22/2014” and look something like this:

“Westpac Bill Payment

Category: Successful transactions
Date received:
02/22/2014 07:27 PM
Your bill payment to the following biller has been successfully processed:
From Account: XXXXXX445774 Complete Access
Amount: $9.31
Date: 02/22/2014
Biller Name: AGL Sales Pty Ltd
Biller Nickname: bruce
To Biller: Mega Sales Pty Ltd
Customer Reference No: 0000810010288126606
View transaction details
This is an automated message please do not reply.”

The emails have nothing to do with Westpac. Instead, cybercriminals are hoping that the bank’s customers who get this notification will rush to click on the link contained in the email to see if an unauthorized transaction has been made from their account.

According to Hoax Slayer, the links from these emails point to a fake Westpac website that looks similar to the genuine site. Here, users are instructed to log in to their accounts.

In reality, they’re not logging in to their accounts, but handing over their login credentials to the cybercriminals who run this scheme. Once the information is entered, victims are redirected to the genuine Westpac website. Many might not even realize what has happened.

If you’re a victim of this scam, change your password immediately. Depending on what the cybercriminals could have gained access to, it might also be wise to contact the financial institution and let them know about the incident.

Here are some pieces of advice to help you avoid falling victim to such phishing attacks:

– when receiving “urgent” emails, particularly if they purport to come from financial institutions, make sure that the links they contain point to the company’s official domain, and not some other site;

– legitimate notifications never have ZIP files attached to them – this is usually a sign that the email is malicious;

– check for typos and grammar mistakes – a legitimate bank notification should be worded properly;

– always use strong passwords to protect your accounts. If it’s too difficult to remember multiple passwords, use a password manager.

Westpac customers can also check out the fraud and scams page on the company’s website. It provides useful advice on email scams and malicious software, and it also contains examples of the latest cybercriminal operations.

