Home ScamsPhishing Scams Westpac ‘New Confirmation Form’ Phishing Scam

Westpac ‘New Confirmation Form’ Phishing Scam

by Brett M. Christensen

Outline

Email purporting to be from Australian bank Westpac claims that all customers must complete and submit a new “confirmation form” contained in an attached file.

Brief Analysis

The message is not from Westpac.  It is a phishing scam designed to trick Westpac customers into sending their personal and financial information to cybercriminals. The criminals can use the stolen information to commit credit card fraud and identity theft.

Example

Subject: Message id: #885131

Dear Westpac Bank Customer

We would like to inform you that we have released a new version of Westpac Confirmation form. This form is required to be completed by all Westpac Customers.

To complete this form, download attached to this email.

Thank You,

Westpac Bank

Westpac Phishing Scam Email

 

Detailed Analysis

This email, which claims to be from Australian bank Westpac, informs recipients that a new version of the bank’s confirmation form has been released and that all customers must complete the new form. Recipients are instructed to open an attached file containing the form.

However, the email is not from Westpac and the claim that Westpac customers must update their details via the attached form is a lie.

The message is a phishing scam designed to fool unwary Westpac customers into sending their personal and financial information to Internet criminals. Customers who comply and open the attached file will be presented with the HTML form shown in the example above. The form opens in a web browser and includes the Westpac logo, formatting and colour scheme as a means of making the form seem legitimate. The form asks for name and contact details and drivers licence numbers as well as credit card information and account passwords.
When users click the “Continue” button, all of this information will be sent to the scammers. The scammers can then use the stolen information to conduct fraudulent credit card transactions and steal the identities of victims.

Despite a great deal of publicity, people all around the world continue to fall for phishing scams every day. Phishing continues to be one of the most common types of Internet fraud. Your bank will never send you an unsolicited email that asks you to supply sensitive personal and financial information via a form in an attached file or by clicking a link.

It is always safest to login to all of your online accounts by entering the account address into your browser’s address bar rather than by clicking a link or opening an attached file.

You can report Westpac phishing scams you receive via the reporting email address listed on the bank’s website.

Importance Notice

After considerable thought and with an ache in my heart, I have decided that the time has come to close down the Hoax-Slayer website.

These days, the site does not generate enough revenue to cover expenses, and I do not have the financial resources to sustain it going forward.

Moreover, I now work long hours in a full-time and physically taxing job, so maintaining and managing the website and publishing new material has become difficult for me.

And finally, after 18 years of writing about scams and hoaxes, I feel that it is time for me to take my fingers off the keyboard and focus on other projects and pastimes.

When I first started Hoax-Slayer, I never dreamed that I would still be working on the project all these years later or that it would become such an important part of my life. It's been a fantastic and engaging experience and one that I will always treasure.

I hope that my work over the years has helped to make the Internet a little safer and thwarted the activities of at least a few scammers and malicious pranksters.

A Big Thank You

I would also like to thank all of those wonderful people who have supported the project by sharing information from the site, contributing examples of scams and hoaxes, offering suggestions, donating funds, or helping behind the scenes.

I would especially like to thank David White for his tireless contribution to the Hoax-Slayer Facebook Page over many years. David's support has been invaluable, and I can not thank him enough.

Closing Date

Hoax-Slayer will still be around for a few weeks while I wind things down. The site will go offline on May 31, 2021. While I will not be publishing any new posts, you can still access existing material on the site until the date of closure.

Thank you, one and all!

Brett Christensen,
Hoax-Slayer