14 DAY TRIAL // Customers of Australia’s Westpac are advised to keep an eye out for bogus bank notifications that inform recipients of an unauthorized login attempt to their accounts.
The emails spotted by Hoax Slayer carry the subject line “Your Incident ID is: WES057140487” and they read something like this:
“This is an automated message to notify you that we detected a login attempt with a valid password to your account from an unrecognized device yesterday @
Location: UNITED STATES, MARYLAND, SILVER SPRING,IP=117.213.41.40 Latitude, Longitude: 85.42842, -98.9004 Connection through: VERIZON ONLINE LLC Local Time: 2013 07:39 PM (UTC -04:00) IDD Code: 1 Weather Station: SILVER SPRING (USMD0370) Usage Type: ISP/MOB
Was this you? If so, you can disregard the rest of this email. If this wasn't you kindly follow the account review link.”
The link doesn’t point to a Westpac domain, but to a phishing website that’s designed to trick users into handing over their credentials.
Several educational institutions from Canada and the United States have published alerts regarding phishing emails that use this particular text to trick recipients into handing over their webmail credentials.
If you come across such emails, don’t trust what they say. If you’ve already handed over the information to the cybercriminals, change your passwords as soon as possible.