14 DAY TRIAL // Fake Westpac notifications entitled “Account Notification : 3 incorrect login” have been spotted these days in inboxes. Experts warn Australian users not to trust the emails since they’re part of a cybercriminal campaign designed to trick the bank’s customers into handing over their information.
According to Hoax Slayer, the emails read something like this:
“Within Westpac latest security checks, we recently discovered that today there were 3 incorrect login attempts to your account. For your safety, Westpac set your account status to limited.
For your account status to get back to normal, you will have to download and complete form number 613-752893 attached to this e-mail.
Due to our latest fraud attempts, the following IP adresses were recorded:
Invalid login from: *.*.15.127.las.co.id Invalid login from: *.*.219.166 Invalid login from: *.*.63.argos.com.ar
CONFIRMATION CODE: 514u78p977s215h4819io92
This form is mandatory, if you do not complete it in less then 24 hours, your account may get suspended.”
Those who fall for the scam and click on the link contained in the email are taken to a bogus Westpac website where they’re asked to provide their name, date of birth, address, phone number, driver’s license number and RTA card number.
Once the information is handed over, a second form appears, asking for credit card number, expiration date and CVV number.
Users who fall for the scam are advised to immediately contact the financial institution.
Westpac is aware of such schemes. According to the advisory published by the bank on its website, there are tens of scams currently making the rounds.
The company advises customers to avoid emails that instruct them to click on a link, open an attachment or call a number. In addition, bogus notifications contain grammar and punctuation mistakes, and they usually ask for account information.