Password Phishing Scam
Home ScamsPhishing Scams Westpac ‘Login Attempt From Unrecognized Device’ Phishing Scam

Westpac ‘Login Attempt From Unrecognized Device’ Phishing Scam

by Brett M. Christensen

Outline

Message purporting to be from Australian bank Westpac claims that a login attempt with a valid password from an unrecognized device has been detected on the recipient’s account.

Brief Analysis

The message is not from Westpac. It is an attempt by online criminals to trick Westpac customers into handing over their account login details and other personal and financial information.

Example

Sent: Tuesday, 29 October 2013 13:07
Subject: Your Incident ID is: WES057140487

This is an automated message to notify you that we detected a login attempt with a valid password to your account from an unrecognized device yesterday @

Location: UNITED STATES, MARYLAND, SILVER SPRING,IP=117.213.41.40 Latitude, Longitude: 85.42842, -98.9004  Connection through: VERIZON ONLINE LLC Local Time: 2013 07:39 PM (UTC -04:00) IDD Code: 1 Weather Station: SILVER SPRING (USMD0370) Usage Type: ISP/MOB

Was this you? If so, you can disregard the rest of this email. If this wasn’t you kindly follow the account review link:

[Link to scam website removed]

Sincerely,
Westpac Bank Customer Care

2013 Westpac Financial Corporation. All Rights reserved

E-mail ID: 4323896016319406482

 

Detailed Analysis

This message, which purports to be from large Australian bank Westpac, supposedly notifies the recipient about a suspect account access attempt. The message claims that a login attempt with a valid password from an unrecognized device was detected.

The message lists detailed time and location data about the supposed login attempt. It instructs customers to follow an account review link if they did not make the login attempt.
However, the email is not from Westpac and the login attempt claims are false. It is a phishing scam that tries to trick people into visiting a bogus website and supplying account login details and other personal and financial details.

The listed login location details may vary in different incarnations of the scam message.

As part of their security protocols, some online service providers may send an automatic advisory message if a login from a new device or location is detected. The scammers who created this phishing campaign are aware of such protocols and hope that their tactic will fool at least a few bank customers into believing that their message is genuine.

Real login advisory messages are very unlikely to tell customers that they must click a link to provide account information.

It is always best to login to your online accounts by entering the account web address into your browser’s address bar rather than by clicking a link in an unsolicited email.

You can report Westpac phishing scams via the reporting guidelines on the bank’s website.

Importance Notice

After considerable thought and with an ache in my heart, I have decided that the time has come to close down the Hoax-Slayer website.

These days, the site does not generate enough revenue to cover expenses, and I do not have the financial resources to sustain it going forward.

Moreover, I now work long hours in a full-time and physically taxing job, so maintaining and managing the website and publishing new material has become difficult for me.

And finally, after 18 years of writing about scams and hoaxes, I feel that it is time for me to take my fingers off the keyboard and focus on other projects and pastimes.

When I first started Hoax-Slayer, I never dreamed that I would still be working on the project all these years later or that it would become such an important part of my life. It's been a fantastic and engaging experience and one that I will always treasure.

I hope that my work over the years has helped to make the Internet a little safer and thwarted the activities of at least a few scammers and malicious pranksters.

A Big Thank You

I would also like to thank all of those wonderful people who have supported the project by sharing information from the site, contributing examples of scams and hoaxes, offering suggestions, donating funds, or helping behind the scenes.

I would especially like to thank David White for his tireless contribution to the Hoax-Slayer Facebook Page over many years. David's support has been invaluable, and I can not thank him enough.

Closing Date

Hoax-Slayer will still be around for a few weeks while I wind things down. The site will go offline on May 31, 2021. While I will not be publishing any new posts, you can still access existing material on the site until the date of closure.

Thank you, one and all!

Brett Christensen,
Hoax-Slayer