Here's what you must do to avoid falling victim to such scams

Feb 25, 2014 21:56 GMT  ·  By

The customers of the Australian bank Westpac are once again targeted with phishing emails. This time, the bogus notifications inform recipients that their bill payment has been successfully processed.

The emails carry the subject line “Bill Payment - 02/22/2014” and look something like this:

“Westpac Bill Payment Category: Successful transactions Date received: 02/22/2014 07:27 PM Message: Your bill payment to the following biller has been successfully processed: From Account: XXXXXX445774 Complete Access Amount: $9.31 Date: 02/22/2014 Biller Name: AGL Sales Pty Ltd Biller Nickname: bruce To Biller: Mega Sales Pty Ltd Customer Reference No: 0000810010288126606 View transaction details This is an automated message please do not reply.”

The emails have nothing to do with Westpac. Instead, cybercriminals are hoping that the bank’s customers who get this notification will rush to click on the link contained in the email to see if an unauthorized transaction has been made from their account.

According to Hoax Slayer, the links from these emails point to a fake Westpac website that looks similar to the genuine site. Here, users are instructed to log in to their accounts.

In reality, they’re not logging in to their accounts, but handing over their login credentials to the cybercriminals who run this scheme. Once the information is entered, victims are redirected to the genuine Westpac website. Many might not even realize what has happened.

If you’re a victim of this scam, change your password immediately. Depending on what the cybercriminals could have gained access to, it might also be wise to contact the financial institution and let them know about the incident.

Here are some pieces of advice to help you avoid falling victim to such phishing attacks:

- when receiving “urgent” emails, particularly if they purport to come from financial institutions, make sure that the links they contain point to the company's official domain, and not some other site;

- legitimate notifications never have ZIP files attached to them – this is usually a sign that the email is malicious;

- check for typos and grammar mistakes – a legitimate bank notification should be worded properly;

- always use strong passwords to protect your accounts. If it’s too difficult to remember multiple passwords, use a password manager;

Westpac customers can also check out the fraud and scams page on the company’s website. It provides useful advice on email scams, malicious software, and it also contains examples of the latest cybercriminal operations.