Debunking email hoaxes and exposing Internet scams since 2003!

Hoax-Slayer Logo Hoax-Slayer Logo

Home    About    New Articles    RSS Feed    eBook    Contact
Bookmark and Share

Westpac '3 Incorrect Logins' Phishing Scam

Email purporting to be from Australian bank Westpac, claims that the recipient's account has been limited due to three incorrect login attempts and he or she should fill in and submit an attached form within 24 hours, or the account may be suspended.



Brief Analysis
The email is not from Westpac. The message is a phishing scam designed to trick recipients into divulging their personal and financial information to cybercriminals.

Bookmark and Share

Subject: Account Notification : 3 incorrect login

Within Westpac latest security checks, we recently discovered that today there were 3 incorrect login attempts to your account. For your safety, Westpac set your account status to limited. For your account status to get back to normal, you will have to download and complete form number 613-752893 attached to this e-mail.

Due to our latest fraud attempts, the following IP adresses were recorded:

Invalid login from:
Invalid login from:
Invalid login from:


This form is mandatory, if you do not complete it in less then 24 hours, your account may get suspended.

Westpac Banking Corporation ABN 33 007 457 141 AFS Licence No. 233714.
This e-mail was officialy sent by Westpac Private Bank Executive Team, your reference number is (418-217-9908)

Westpac Login Scam

Detailed Analysis

According to this email, a security check at Australian bank Westpac discovered that there was three incorrect login attempts on the recipient's account and access to the account has therefore been limited for safety reasons. The message claims that the recipient must fill in and submit a "mandatory" form - included in an attached file - within 24 hours or the account may be suspended. The message comes complete with a seemingly official Westpac logo along with a supposed IP record of the failed login attempts and a "confirmation code".

However, the message is not from Westpac and the claim that recipients must supply their information or risk account suspension is a lie. In fact, the message is a phishing scam designed to trick Westpac customers into handing over a large amount of personal and financial information to Internet criminals. Opening the attached file loads a fake HTML form into the user's browser. The fake form is designed to resemble the genuine Westpac website and includes secondary links to the real Westpac site. The first form presented to victims asked for personal and contact information, as shown in the following screen shot:

Westpac Bogus Form

After the user has filled in the above form, a second form will appear that asks for credit card details:

Bogis Westpac Form

All information submitted on the fake forms will be sent to criminals who can then use it to commit credit card fraud and identity theft.

No legitimate financial institution would ever expect its customers to submit sensitive information via an unsecure form delivered via an email attachment. Phishing is a very common type of Internet fraud. Be wary of any message that claims that you must follow a link or open an attachment to update account details. Always login to your online accounts by entering the address into your browser's address bar rather than by clicking a link in an email.

Westpac has information about online fraud and how to submit scam examples on its website.

Bookmark and Share

Last updated: March 13, 2013
First published: March 13, 2013
Written by Brett M. Christensen
About Hoax-Slayer

Phishing Scams - Anti-Phishing Information
Westpac - Fraud and scams