According to this email, which purports to be from Australian bank Westpac, a review has identified an issue regarding the safe use of your account. It claims that your account has been restricted as a precaution. The message urges you to click a button to provide further information and lift the account restriction.
However, the email is not from Westpac. It is a phishing scam designed to steal your personal and financial information.
This is what the scam email looks like:
If you fall for the ruse and click the link, you will first be taken to a fraudulent website that asks you to enter your customer ID and password:
Next, the following fake form will load in your browser. The form asks for your Westpac card details as well as your email address and email account password:
After supplying the requested information, a final page will load that claims that you have successfully verified your identity:
Finally, you will be automatically redirected to the genuine Westpac website.
The scammers can now collect the information you supplied on the fake site and use it to hijack your bank account and use your card for fraudulent transactions. They can also access your email account, steal personal information it may contain, and use the account to send spam, scam, and malware emails in your name.
Bank phishing scams like this are very common. Be wary of any email that purports to be from your bank and claims that you must click a link or open an attachment to update details, rectify an account problem, or lift a supposed restriction. Your bank will not send you such an email.
It is always safest to login to all of your online accounts by entering the address into your browser’s address bar or via an official app.
If you receive a Westpac scam email or SMS you can report it via the details listed on the Westpac website.