Eskenzi PR ad banner Eskenzi PR ad banner
  • About Us
Wednesday, 29 March, 2023
IT Security Guru
Eskenzi PR banner
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
IT Security Guru
No Result
View All Result

Multiple Variations Of A Phishing Email Scam Spoofing NAB Hit Inboxes.

by The Gurus
November 1, 2019
in Hacking
Multiple Variations Of A Phishing Email Scam Spoofing NAB Hit Inboxes.
Share on FacebookShare on Twitter

The banking industry is increasingly becoming a favourite among cybercriminals. After intercepting multiple variations of an email scam spoofing NAB earlier today, MailGuard has now detected another phishing email scam purporting to be from Westpac.

Using a display name “Westpac Bank”, the emails are actually sent by what appears to be a compromised account. The message body is in plain-text, advising recipients that some unusual activity was noticed on their account. Their account has been temporarily locked and a link is provided to re-activate their account (see ‘westpac phishing email’).

Unsuspecting recipients who click on the link are led to a Westpac branded phishing page, asking for their account ID and password (see westpac 2).

Once they enter these details, they are taken to a second page asking for some personal information, such as date of birth, mobile number and driver’s license number (see westpac 3).

When this second page is submitted, the user is shown a page stating their account is being verified, after a short pause they are redirected to the actual Westpac bank login page.

Whilst this attempt isn’t as sophisticated as many other examples we have seen, it will still fool less vigilant recipients into entering their login credentials. Here are certain signs that point to this email’s illegitimacy:

The plain-text email has no branding or customised information. It starts with ‘we noticed some unusual activity in your account’ with no further details about this activity.
There are several grammatical inconsistencies such as ‘Sign On here’, and the lack of proper punctuation (‘re activate’).
Real banks never direct their customers to click a link to sign in to resolve an issue

As a precaution, we urge you not to click links within emails that:

Are not addressed to you by name.
Appear to be from a legitimate company but use poor English, or omit personal details that a legitimate sender would include.
Are from businesses that you were not expecting to hear from.
Take you to a landing page or website that is not the legitimate URL of the company the email is purporting to be sent from. The URL for Westpac’s internet banking login page is: https://online.westpac.com.au

Westpac offers a comprehensive online resource to help identify and report scams purporting to be from them. You can verify the authenticity of any contact you aren’t sure about, or report a scam, by calling 132 032 or emailing them at [email protected]

Phishing preys on the weakest link in the IT security chain – users. Tricking someone into handing over their password is far simpler than breaking into a bolstered system. As a result, hackers use tactics such as brandjacking to manipulate users and obtain sensitive data.

FacebookTweetLinkedIn
ShareTweetShare
Previous Post

Domain Spoofing Continues To Baffle Europe’s Leading Cybersecurity Vendors.

Next Post

81 Percent Of SMEs Believe That AI Is Fundamental To The Future Of Cyber Security.

Recent News

Blue Logo OUTPOST24

New Research Examines Traffers and the Business of Stolen Credentials

March 28, 2023

How to Succeed As a New Chief Information Security Officer (CISO)

March 28, 2023

The Importance of Data Security and Privacy for Individuals and Businesses in the Digital Age

March 28, 2023
penetration testing

Cymulate’s 2022 Cybersecurity Effectiveness Report reveals that organizations are leaving common attack paths exposed

March 28, 2023

The IT Security Guru offers a daily news digest of all the best breaking IT security news stories first thing in the morning! Rather than you having to trawl through all the news feeds to find out what’s cooking, you can quickly get everything you need from this site!

Our Address: 10 London Mews, London, W2 1HY

Follow Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

This site uses functional cookies and external scripts to improve your experience.

Privacy settings

Privacy Settings / PENDING

This site uses functional cookies and external scripts to improve your experience. Which cookies and scripts are used and how they impact your visit is specified on the left. You may change your settings at any time. Your choices will not impact your visit.

NOTE: These settings will only apply to the browser and device you are currently using.

GDPR Compliance

Powered by Cookie Information