Latest phishing email mimics Westpac

Latest phishing email mimics Westpac

Today’s phishing email mimics Westpac, and uses the urgent sounding subject line “Westpac – Balance exceeded!” as enticement for the recipient to act. It’s another in a long string of phishing emails stopped by our spam filters this festive season. It does have the (dubious) honour of being the first bank phishing email stopped in 2015.

As mentioned above, the subject line of the email is pretty eye catching. The sender of the email is supposedly Westpac; a screenshot of the email is shown in Figure A. The three links in the email are all to the same site (which is not a Westpac site).

The email suggests that a transfer has been rejected due to lack of funds, and informs the recipient that if they “suspect account abuse” they should login to their account via the link.

This email is a basic phishing email. The criminals didn’t even bother adding a Westpac logo to the email. In fact they didn’t bother with a few things. There is no salutation; not even a “Hello”, which some emails contain. There is no attempt at a signature line.

Aside from the lack of personalisation and a signature line, mousing over the links in the email does not show a Westpac site. Instead, it leads to a phishing site. The sender of the email does not have a Westpac email domain name.

Despite its apparent simplicity, emails such as these can still be effective. The practice of using social engineering to snare user account details often plays on people’s fear of online security. This is an example of such a technique. The end of year often sees people transferring money for Christmas gifts, so this email is using the time of year as a further attempt to snare users.

If you receive this email, delete it.

Scott Reeves
MailShark
Free anti-spam service
Free email filter service