Confirm transaction says phishing email

Confirm transaction says phishing email

There are many variants on phishing emails. When we look at emails targeting bank customers, the usual technique is either the customer’s account needs to be verified or confirmed. Another variation is that extra details are required. A deadline is usually given for performance of whatever action is required. The email usually issues a stern warning of the fate of non compliant accounts. This fate is usually along the lines of online services being suspended. The emails are using a sense of urgency in order to trick the recipient into performing an action. Today we present a variation on this theme. This time an email is sent out asking the recipient to confirm a transaction.

Figure A shows the email in question. It is supposedly from Westpac. The subject line of the email reads “Funds Transfer – Payment Confirmation.” The sender of the email is shown as “Westpac”. There is no salutation. We have blacked out the customer’s email address.

MailShark Confirm transaction says phishing email
Figure A – Click to Enlarge

The email begins with “Payment Confirmation” in large bolded characters. This should get most people’s attention. The email then goes on to inform the recipient that they have made a “funds transfer to a payee with account ending 8169”. The email goes on to say that the user can click on a link if they think the payment was processed incorrectly.

A second link is provided that enables the recipient to login to their internet banking account. Although the email says it is from Westpac, there is no branding or logos present in the email. Two of the three links on the bottom of the email lead back to the same site, whilst the one showing “Westpac” in the text does actually lead back to Westpac.

This is a fairly simple phishing email. It is using a trick to entice the recipient to click on the links in the email. If you look at the number 8169, it’s almost certain that the recipient will not have transferred money to an account ending in that precise combination of digits. Playing upon people’s fears that they may have been hacked is a ruse often used in phishing emails. This one certainly does just that.

Scott Reeves
MailShark
Free anti-spam service
Free email filter service

Share This Post

Post Comment