phishing emailBE CAUTIOUS WITH EMAILS FROM BANKS –EVEN YOURS. You may have received a “Security Upgrade” email from Westpac recently. If you are a Westpac customer, you may have read this email. You may have even taken it seriously… We want to warn you, this email is a scam! We describe what this email looks like, what it’s designed to do, and what you need to do if you come across it. If you are not a Westpac customer, this may still be extremely important for you, as these types of emails are targeting you in different forms every day and can impact not only your bank accounts, but also your personal and financial identity.


By Graham Doessel, Founder and CEO of MyCRA Credit Rating Repair and

On Tuesday the Government’s ‘Stay Smart Online’ website sent out an alert about a very fishy phishing email targeting Westpac Bank customers. The SSO alert is below:


Westpac customers targeted again by phishing emails

28 May 2013

Email warns of security upgrade, but links to fake banking site

On 23 May 2013, antivirus vendor AVG issued a warning about the circulation of fake security notification emails pretending to originate from Westpac.

Like similar fake emails that have targeted Westpac, this example claims to be addressing security concerns over a “recent spate of fraud and identity theft”. It advises that a security upgrade is being undertaken and will be effective once customers login to their account.

The email includes a number of tell-tale errors that suggest it is a fake. In the image below, AVG has provided an overview of the errors which can help to identify it as a scam.

AVG Westpac phishing email

Image credit: AVG

The fake banking website linked from this email looks similar to Westpac’s current online banking logon page.

Don’t be fooled. This page is set up explicitly to capture your banking details.

Westpac phishing email

 [Image: SSO]

Avoid phishing emails

Always be suspicious of unsolicited emails.

Do not click links or open attachments. The best advice is to simply delete the email.

If you are uncertain about an email you can always cross check the information by going independently to the company’s website or by calling the company directly.

Westpac hosts a list of examples of ghost sites/fake sites that mimic its online banking page.

Many reputable websites will specify how they will communicate with you on their website. Anything outside of this is suspicious. Westpac provides useful information about security on its website.


The ins and outs of phishing scams

Phishing scams are generally emails or text messages like the Westpac email, which impersonate genuine companies in the hope of tricking victims into giving out their personal and financial information.

The aim of phishing is to steal information like bank and credit account numbers, passwords, and other crucial data.

The ACCC’s Scamwatch website warns about phishing emails also. It warns they are not easily distinguishable from genuine corporate communication:

“Phishing emails often look genuine and use what look to be genuine internet addresses—in fact, they often copy an institution’s logo and message format, which is very easy to do. It is also common for phishing messages to contain links to websites that are convincing fakes of real companies’ home pages.

The website that the scammer’s email links to will have an address (URL) that is similar to but not the same as a real bank’s or financial institution’s site. For example, if the genuine site is at ‘’, the scammer may use an address like ‘’ or ‘’.”

The ramifications of falling for a phishing scam

Clicking on links in phishing scams can mean your banking details are captured by fraudsters and can be accessed in order to drain your bank accounts. But in addition to this, just the simple act of clicking on the link can put you in danger. Many phishing emails are also designed to infect computers through virus-containing links in the emails.

This could mean that you could download a Trojan or similar virus designed to steal your financial information – and you may have no idea its happening.

This could be dangerous for your credit file. Because while you are carrying out your normal online transactions, the Malware that you have installed could be tracking passwords, financial details and personal details about you. This could be used by a clever and determined cyber-crook in order to build a fake identity in your name.

Suddenly credit could be accessed in your name, and you probably won’t know about it until you apply for credit yourself and are refused. This presents real problems for fixing your credit rating, because what we know about removing unfair or inaccurate listings from your credit file is that you must provide evidence and proof that you didn’t initiate the credit. This can be difficult to do when you have no idea how the theft of your information occurred. It can be a nightmare for victims.

So don’t get hooked by a phishing scam. If you receive an email that looks legitimate – go independently to the Bank or other company’s website to verify it. Or use the official Bank phone number (not the phone number presented on the email) to call the bank directly to verify the email is legitimate.

Top image: David Castillo Dominici/


Bookmark and Share