Happy new month says phishing email

Happy new month says phishing email

“Happy New Month” is part of the greeting from the latest phishing email to hit our spam filters. Seriously. Naturally enough, it would be an even happier month for the crafters of such a disingenuous greeting if you could also confirm your Westpac account balance by clicking on a link. The email is fake; if you receive it, delete it.

We have reproduced the email in Figure A. It is a fairly plain email; no branding is used, and there is not much else in the email. The subject line of the email is “Happy Month from Westpac”, whilst the sender is “Westpac Bank”.  The email does not have a salutation. It opens with the line “Wishing you Happy New Month from Westpac Bank”. There is one link contained in the body of the email. This link contains text that is the same as the official Westpac site.

There is not much to this email. The single sentence in the body of the email simply asks the user to confirm their account balance, for unspecified “security” reasons. Many phishing emails give away that they are bogus by poor grammar and/or spelling. This email has one sentence, which contains one error.

The big red flags to this email are the lack of a personalised greeting, and the link in the email. The lack of a personalised greeting is a big giveaway. Banks will always use a greeting that is tailored to the name of the account holder. The second giveaway is the link. Whilst it looks convincing, mousing over it shows that it links to a phishing site, not to Westpac.This phishing site is designed to steal your banking login identifiers, and potentially, your credit card details.

As much as this is a simple enough email, such emails can still trick users. Whilst maybe only 1% of these types of phishing emails trick users, if 10,000 emails are sent out, this still equates to 100 people being fooled and potentially handing over their banking login details.

Scott Reeves
MailShark
Free anti-spam service
Free email filter service