Phishing E-Mail Seeks To Trap Westpac Customers
A sophisticated phishing attack on Westpac bank in the first week of June 2007 tried to trick customers into adopting a new upgraded credit card while disclosing their account details, as published by Stuff.co on June 11, 2007.
The phishing e-mail used images lifted from the Australian domain of Westpac. It said users could know about the limit in their account by simply logging onto it for the message. The link in the e-mail redirected users to a web page with westpac.co.nz address. But the web page host actually was Oregon Mennonite Festival set up for World Relief Website.
According to Nick Bolton, head of Christchurch-based security firm Firetrust, phishers commonly compromised unprotected sites to post their materials. While certain portions of the e-mail uses English correctly implying it incorporated some information from Westpac, other portions have spelling and grammatical errors. The e-mail profusely warns about general security on the Internet.
Security experts at Westpac took the website offline pretty quickly. There has been no report to the bank about any customer losing money due to the scam.
Recently online scammers had come down on Kiwibank with a series of phishing attacks during May's last week to June's first week. The final attacks was on 4th June 2007 in which thousands of people in New Zealand received unsolicited e-mails requesting them to register with a Kiwibank "Customer Appreciation Day" to be celebrated on 7th June 2007.
After a while it was realized that the e-mail's sender "Kiwibank[mailto:email@example.com]" was a fake address. The e-mail directed the clients to a phony website, which asked for their registration by submitting their account particulars and pin-numbers. Also, there was an invitation for customers to pay a visit to any of the various branches of Kiwibank on June 7, 2007 for a treat of coffee & cake as bank's gesture of gratitude to its customers' loyalty. The bank regarded the problem seriously.
Spokeswoman for Westpac, Ms. Rachel Faulkner said her bank neither requests for personal information nor sends links to the banking site. Therefore, people receiving such e-mails should delete them. Stuff.co published this on June 11, 2007.
Related article: Phishing With A Redirector Code
» SPAMfighter News - 26-06-2007