Australians are being warned against an email phishing scam targeted at roughly 14 million Australians.
Email security firm Mailguard issued a recent warning about the scam that attempts to steal the personal and banking details of Westpac customers by trying to get them to “update [their] account”.
“This sole purpose of this elaborate phishing scam is to harvest the login credentials of Westpac customers so the criminals behind this scam can break into their bank accounts,” wrote Mailguard social media manager Akankasha Dewan in a post.
Westpac has roughly 14 million customers in Australia and is the third-largest bank in the nation by assets.
What the email looks like
The subject line of the email warns: “Online activity on-hold !”
The fake email contains the Westpac logo but the email address is not from the real bank.
“Your online purchases have been stopped,” the email continues.
“Unfortunately we couldn’t verify your payment details from your account.
In order to “avoid suspension of your online activity,” victims are told to “please update your account”.
They are then given a link, which leads to a fake Westpac login page that asks for their customer ID and password. The hyperlink is a dead give-away of the scam.
After you ‘sign in’ to the fake website, victims are then led to another page that asks you to fulfil three “steps” to unlock your account.
You’re asked to provide your Westpac credit card details and your email address before being informed your account has been “successfully unlocked”.
“By typing in your account number and password, you’re handing this sensitive account information to cybercriminals and enabling them to commit identity theft,” said Dewan.
How to spot phishing scams
Don’t fall for the techniques cybercriminals use to harvest victims’ data, he warned.
Scams often come from what appears to be trusted institutions, and also usually involves an alarming call-to-action to create a sense of anxiety and urgency.
The threat of account suspension can also fool people into taking action immediately and clicking on a malicious link, without checking if the sender or email is legitimate.
“Combined, all these techniques motivate the users to proceed forward in ‘reactivating’ their account.”
Be on the lookout for emails with spelling mistakes, unusual branding, emails that don’t address you by name, and links that take you to false websites.
If you’ve been hit with this scam, let Westpac know at email@example.com.
Make your money work with Yahoo Finance’s daily newsletter. Sign up here and stay on top of the latest money, economy, property and work news.