DTX Manchester DTX Manchester
  • About Us
Tuesday, 2 March, 2021
IT Security Guru
CTX Manchester 2020 banner ad
  • Home
  • Features
  • Insight
  • Events
    • Women in Cyber 2020
    • Women in Cyber 2020 [SPONSORS]
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Women in Cyber 2020
    • Women in Cyber 2020 [SPONSORS]
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
IT Security Guru
No Result
View All Result

Multiple Variations Of A Phishing Email Scam Spoofing NAB Hit Inboxes.

by The Gurus
November 1, 2019
in Hacking
Multiple Variations Of A Phishing Email Scam Spoofing NAB Hit Inboxes.
Share on FacebookShare on Twitter

The banking industry is increasingly becoming a favourite among cybercriminals. After intercepting multiple variations of an email scam spoofing NAB earlier today, MailGuard has now detected another phishing email scam purporting to be from Westpac.

Using a display name “Westpac Bank”, the emails are actually sent by what appears to be a compromised account. The message body is in plain-text, advising recipients that some unusual activity was noticed on their account. Their account has been temporarily locked and a link is provided to re-activate their account (see ‘westpac phishing email’).

Unsuspecting recipients who click on the link are led to a Westpac branded phishing page, asking for their account ID and password (see westpac 2).

Once they enter these details, they are taken to a second page asking for some personal information, such as date of birth, mobile number and driver’s license number (see westpac 3).

When this second page is submitted, the user is shown a page stating their account is being verified, after a short pause they are redirected to the actual Westpac bank login page.

Whilst this attempt isn’t as sophisticated as many other examples we have seen, it will still fool less vigilant recipients into entering their login credentials. Here are certain signs that point to this email’s illegitimacy:

The plain-text email has no branding or customised information. It starts with ‘we noticed some unusual activity in your account’ with no further details about this activity.
There are several grammatical inconsistencies such as ‘Sign On here’, and the lack of proper punctuation (‘re activate’).
Real banks never direct their customers to click a link to sign in to resolve an issue

As a precaution, we urge you not to click links within emails that:

Are not addressed to you by name.
Appear to be from a legitimate company but use poor English, or omit personal details that a legitimate sender would include.
Are from businesses that you were not expecting to hear from.
Take you to a landing page or website that is not the legitimate URL of the company the email is purporting to be sent from. The URL for Westpac’s internet banking login page is: https://online.westpac.com.au

Westpac offers a comprehensive online resource to help identify and report scams purporting to be from them. You can verify the authenticity of any contact you aren’t sure about, or report a scam, by calling 132 032 or emailing them at [email protected]

Phishing preys on the weakest link in the IT security chain – users. Tricking someone into handing over their password is far simpler than breaking into a bolstered system. As a result, hackers use tactics such as brandjacking to manipulate users and obtain sensitive data.

FacebookTweetLinkedIn
ShareTweetShare
Previous Post

Domain Spoofing Continues To Baffle Europe’s Leading Cybersecurity Vendors.

Next Post

81 Percent Of SMEs Believe That AI Is Fundamental To The Future Of Cyber Security.

Recent News

Dripping tap

Learning from past hacking attacks

March 2, 2021
Twitter Logo

Twitter tightens rules on the spread of misinformation

March 2, 2021
A crowd of Trump supporters

“GabLeaks”: Far-Right platform Gab is hacked, with posts leaked online

March 1, 2021
Coding in a laptop

Go is becoming the language of choice for malware developers

March 1, 2021

The IT Security Guru offers a daily news digest of all the best breaking IT security news stories first thing in the morning! Rather than you having to trawl through all the news feeds to find out what’s cooking, you can quickly get everything you need from this site!

Our Address: 10 London Mews, London, W2 1HY

Follow Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Women in Cyber 2020
    • Women in Cyber 2020 [SPONSORS]
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

This site uses functional cookies and external scripts to improve your experience.

More information
Privacy Settings / PENDINGGDPR Compliance

Privacy Settings / PENDING

This site uses functional cookies and external scripts to improve your experience. Which cookies and scripts are used and how they impact your visit is specified on the left. You may change your settings at any time. Your choices will not impact your visit.

NOTE: These settings will only apply to the browser and device you are currently using.

GDPR Compliance

Accept