Westpac 'New Confirmation Form' Phishing ScamOutline
Email purporting to be from Australian bank Westpac claims that all customers must complete and submit a new "confirmation form" contained in an attached file.
The message is not from Westpac. It is a phishing scam designed to trick Westpac customers into sending their personal and financial information to cybercriminals. The criminals can use the stolen information to commit credit card fraud and identity theft.
Subject: Message id: #885131
Dear Westpac Bank Customer
We would like to inform you that we have released a new version of Westpac Confirmation form. This form is required to be completed by all Westpac Customers.
To complete this form, download attached to this email.
This email, which claims to be from Australian bank Westpac, informs recipients that a new version of the bank's confirmation form has been released and that all customers must complete the new form. Recipients are instructed to open an attached file containing the form.
However, the email is not from Westpac and the claim that Westpac customers must update their details via the attached form is a lie.
The message is a phishing scam designed to fool unwary Westpac customers into sending their personal and financial information to Internet criminals. Customers who comply and open the attached file will be presented with the HTML form shown in the example above. The form opens in a web browser and includes the Westpac logo, formatting and colour scheme as a means of making the form seem legitimate. The form asks for name and contact details and drivers licence numbers as well as credit card information and account passwords.
When users click the "Continue" button, all of this information will be sent to the scammers. The scammers can then use the stolen information to conduct fraudulent credit card transactions and steal the identities of victims.
Despite a great deal of publicity, people all around the world continue to fall for phishing scams every day. Phishing continues to be one of the most common types of Internet fraud. Your bank will never send you an unsolicited email that asks you to supply sensitive personal and financial information via a form in an attached file or by clicking a link.
It is always safest to login to all of your online accounts by entering the account address into your browser's address bar rather than by clicking a link or opening an attached file.
You can report Westpac phishing scams you receive via the reporting email address listed on the bank's website.
Last updated: August 22, 2013
First published: August 22, 2013
By Brett M. Christensen
Phishing Scams - Anti-Phishing Information
Prevent fraud and scams