Westpac cash bonus phishing scam
Apparently Westpac has had a successful quarter year and is offering a cash bonus to 100 of its customers. The cash bonus is substantial; AUD $5000. All you have to do is click on a link supplied in the email and confirm your internet banking details. If you suspect something is amiss, you are right: this is another phishing scam, designed to steal user’s banking login credentials.
We have reproduced the email in Figure A. The subject of the email is “Westpac 2015”. The sender is not always the same, but we have noticed that the email domain always ends in “.py”, which is the country code for Paraguay. There is a realistic looking Westpac logo located at the top left of the email. The greeting used by the email is “Dear Customer”. There is one link in the email. The link is contained in a button, with the text “Enrol Here”. The bottom of the email has a fairly standard looking disclaimer type statement.
The purpose of the email is apparently to give 100 Westpac customers the chance to receive a $5000 AUD payment. In order to be eligible to receive the payment, the user is requested to click on the link and enter their internet baking details. According to the email, this is for verification purposes.
Needless to say, this email is not genuine. The main giveaway is the lack of a personalised greeting (banks will always address the email to the name an account is held in) and the link. Checking the link by mousing over it shows that it does not go to Westpac. It goes to a phishing site. The phishing site looks to steal the victim’s internet banking details, with the intent to commit fraud.
The lure of AUD $5000 could possibly be sufficient to tempt people to click on the link, so this phishing email is a subtle, but potentially dangerous scam. If you receive this email, delete it.