Debunking hoaxes and exposing scams since 2003!

Hoax-Slayer Logo

Westpac 'Bill Payment Successfully Processed' Phishing Scam


Outline

Message supposedly sent by Australian bank Westpac, notifies recipients that a payment to a biller has been successfully processed and invites them to click a link to view transaction details.

Facebook phising
© Depositphotos.com/ mybaitshop

Brief Analysis

Westpac did not send the email. The message is a phishing scam that attempts to lure Westpac customers into visiting a fraudulent website and providing their account login details. Criminals will use the stolen information to hijack Westpac bank accounts belonging to their victims.

Example

Subject: Bill Payment - 02/22/2014
From:  Westpac
Westpac Bill Payment
Category: Successful transactions
Date received:
02/22/2014 07:27 PM
Message:
Your bill payment to the following biller has been successfully processed:
From Account:           XXXXXX445774 Complete Access
Amount:         $9.31
Date:   02/22/2014
Biller Name:   AGL Sales Pty Ltd
Biller Nickname:        bruce
To Biller:        Mega Sales Pty Ltd
Customer Reference No:      0000810010288126606
View transaction details

This is an automated message please do not reply.

Westpac Payment Phsing Scam


Detailed Analysis

This email, which was supposedly sent by large Australian bank Westpac, informs recipients that a payment to a biller has been successfully processed. The email includes details of the bill payment and invites recipients to follow a link to view more information about the transaction. The message includes the Westpac logo.

But, alas, the email is not from Westpac. It is a phishing scam that was created with the goal of tricking recipients into giving their Westpac account login details to cybercriminals.

Some Westpac customers who receive the bogus notification may be panicked into clicking the link in the mistaken belief that their accounts have been compromised and used to conduct fraudulent transactions in their names.

Those who do follow the 'view transaction' link will be taken to a fake website tricked up so that it closely mirrors a genuine Westpac webpage. The fake site presents a bogus login form that even features the virtual keyboard security option that is used on the genuine site.

After victims provide their login information on the bogus site, they will be automatically redirected to the genuine Westpac home page. They may be puzzled as to why they have not been taken to the transactions details page they expected.

Meanwhile, however, the criminals responsible for the phishing campaign will collect the submitted login credentials. The criminals can use the stolen credentials to access their victims' bank accounts, transfer funds and commit further fraudulent transactions.

If you receive one of these emails, do not click any links or open any attachments that it contains. Westpac has published information about phishing scams and how to report them on its website.

Phishing continues to be a very common form of cyber crime that gains new victims all around the world every day.




Last updated: February 25, 2014
First published: February 25, 2014
Written by Brett M. Christensen
About Hoax-Slayer

References
Prevent fraud and scams
Phishing Scams - Anti-Phishing Information






Latest Hoax-Slayer Articles