June 27, 2006
Nasty Westpac phishing scam
There's something chilling about the latest phishing attempt that popped into our Inbox yesterday.
"Dear Westpac Online Limited customer", it read, "We are constantly striving to provide you with more convenience, control, and security to assist in managing our services. As part of our ongoing efforts to make it easier for you to use our online services, we have revised the Westpac Online Internet Banking Terms and Conditions that you reviewed and accepted when you began to use Westpac Banking services. No additional action is required by you to continue to use your online services. To review the changes, click on the link below ..."
When you click on the link, it seems to duplicate the Westpac sign-in screen perfectly. We wouldn't be at all surprised if this effort in social engineering convinced some Westpac customers to blithely type in their account number and password.
Posted by cw at June 27, 2006 12:27 PM
Comments
Makes sense - apply logic. DO NOT respond to an unsolicited email from the "bank". If you didn't initiate - just don't.
Posted by: Newman at June 27, 2006 04:35 PM
Charles,
Can you bump a copy of the e-mail over to me?
Posted by: Stephen at June 27, 2006 05:19 PM
What happens if you type in an intentionally wrong username/pwd combination? Is this a technique for checking (as well as clogging their system) or is there some stupidity to this I'm overlooking?
Posted by: Alex at June 27, 2006 07:01 PM
Anyone with an ebay account is plagued with this sort of scam. I feel sorry for the poor buggers who aren't suspicious enough to smell a rat.
Posted by: Tony at June 27, 2006 07:57 PM
I am not too sure on the exact details of this scam though it may be similar to the National Bank scam.
I have updated some info on the forum here
Posted by: Stephen at June 27, 2006 10:31 PM
The wording is very similar to one in circulation using the NAB banner - probably the same "folks" / pondlife.
Posted by: Tony Meurer at June 30, 2006 04:41 PM
I think this phishing thing is quite dangerous. One day one of my co-workers (work in an ASX top 100 co) came in and said he wants me to show him how to log in to the company's Outlook server web client. I showed him... and went back to my desk... and there was an email from our help desk not to do that... someone was phishing our Outlook web client!!!!!!!!!!!!!!!!!!!!
This is quite amazing... considering we don't have a heap of people logging on to the web client anyway... everyone has a site-based computer... still, for someone to replicate the front of our legacy Outlook server front page was quite brash/breathtaking.
PS: thankfully coz our helpdesk found out about it.. and so we did as well.. and were able to change our passwords etc.
Posted by: Sumit G at July 2, 2006 12:15 PM

