Message supposedly sent by Australian bank Westpac, notifies recipients that a payment to a biller has been successfully processed and invites them to click a link to view transaction details.
Westpac did not send the email. The message is a phishing scam that attempts to lure Westpac customers into visiting a fraudulent website and providing their account login details. Criminals will use the stolen information to hijack Westpac bank accounts belonging to their victims.
Subject: Bill Payment – 02/22/2014
Westpac Bill Payment
Category: Successful transactions
02/22/2014 07:27 PM
Your bill payment to the following biller has been successfully processed:
From Account: XXXXXX445774 Complete Access
Biller Name: AGL Sales Pty Ltd
Biller Nickname: bruce
To Biller: Mega Sales Pty Ltd
Customer Reference No: 0000810010288126606
View transaction details
This is an automated message please do not reply.
This email, which was supposedly sent by large Australian bank Westpac, informs recipients that a payment to a biller has been successfully processed. The email includes details of the bill payment and invites recipients to follow a link to view more information about the transaction. The message includes the Westpac logo.
But, alas, the email is not from Westpac. It is a phishing scam that was created with the goal of tricking recipients into giving their Westpac account login details to cybercriminals.
Some Westpac customers who receive the bogus notification may be panicked into clicking the link in the mistaken belief that their accounts have been compromised and used to conduct fraudulent transactions in their names.
Those who do follow the ‘view transaction’ link will be taken to a fake website tricked up so that it closely mirrors a genuine Westpac webpage. The fake site presents a bogus login form that even features the virtual keyboard security option that is used on the genuine site.
After victims provide their login information on the bogus site, they will be automatically redirected to the genuine Westpac home page. They may be puzzled as to why they have not been taken to the transactions details page they expected.
Meanwhile, however, the criminals responsible for the phishing campaign will collect the submitted login credentials. The criminals can use the stolen credentials to access their victims’ bank accounts, transfer funds and commit further fraudulent transactions.
If you receive one of these emails, do not click any links or open any attachments that it contains. Westpac has published information about phishing scams and how to report them on its website.
Phishing continues to be a very common form of cybercrime that gains new victims all around the world every day.