Scam targeting bank customers with fake website
WESTPAC customers are warned to be taking extra care following the emergence of a troubling malicious email scam this week.
Discovered by Australian cybersecurity firm MailGuard on Wednesday, the scam is targeting Westpac customers with an email that has a subject line reading "your account is locked".
The email advises customers' that their account has been temporarily locked "as a result of technical issues detected" and can only be fixed by clicking on a link within the article.
Clicking the link will take victims to a replica of the Westpac banking website, where they are told to enter their customer ID and password.
Doing so will give the cybercriminals behind this campaign the ability to steal and record login information needed to access victims' accounts.
While this fraud does contain many indications it is a scam, the fact the forged email address ends in @westpac.com.au may trip up some recipients.
MailGuard chief executive Craig McDonald said these type of banking scams often increase around end-of-financial-year time.
"The criminals behind these fraud attempts are relying on people being busy; they want people to drop their guard for a moment and unwittingly hand over all the information necessary to hack a bank account. In this case, it's simply a customer ID and password," he told news.com.au.
"While this one is a very simple phishing email - and there are some telltale signs it is not legitimate - the fake Westpac banking site it leads to looks very realistic."
Mr McDonald added this type of scam wasn't isolated to Westpac.
"In the past few days we're seen Suncorp internet banking customers targeted in a similar phishing attack, and a fake e-toll invoice disguised as an email from NSW Roads and Marine. These attempts are now a daily occurrence," he said.
"I urge Australians not to be 'happy clickers'. Be extra vigilant. If you receive an email - or an SMS - asking you to click and link and log in somewhere, take an extra moment to stop and consider what you're handing over. It can take just seconds for a cybercriminal to drain a bank account."
News.com.au has contacted Westpac for comment.
Have you been caught in a scam? Continue the conversation in the comments below.