Security threats Toolkit

Warning email hides scam

Iain Ferguson ZDNet Australia

Published: 18 Dec 2003 10:50 GMT

An email purporting to be an advisory from Westpac to its customers about the dangers of online fraud is itself fraudulent, a bank spokeswoman confirmed today.

The email, headlined "Online Banking: Protect Yourself from Internet Fraud" purports to come from the address validate@westpac.com.au and includes a link to a Web site below the message "As part of our ongoing commitment to provide the 'Best Possible' service to all our Members, we are now requiring each member to validate their accounts once per month".

However, a Westpac spokeswoman stressed that the email did not come from the bank, and reiterated a warning that the only way to visit Westpac Internet banking was by typing www.westpac.com.au into a browser.

"We will never send out emails of this type," the spokeswoman said.

Despite the email itself outlining two examples of common Internet scams -- the first an attempt to steal a customer's login details by sending out emails which appear to be from a financial institution and requesting personal details, and the second involving creation of a "ghost Web site" which captures customer details and uses them to transact using the customer's account -- it also includes a number of indicators of its fraudulent nature.

These include suspect grammar, font variations and the link to a Web-site requiring a customer to input their account details, including passwords.

The spokeswoman said criminals involved in such scams were becoming more and more sophisticated.