In early June 2017, a number of Australian inboxes received an email purporting to be from Westpac, advising recipients that their accounts had been temporarily locked. Victims were then instructed to follow a link and log in with their credentials to unlock their account. Sound familiar?
Following the link takes victims to a replica Westpac site hosted on a Tanzanian guesthouse website that had clearly been compromised in an earlier hack. When victims enter their username and password, the cybercriminals capture those credentials and use them to transfer funds from victims' accounts to accounts of their choosing.
Whilst it does not sound terribly sophisticated in today's cybersecurity landscape, harried consumers may not look too closely, especially when the email comes from an address that could pass as legitimate - in this instance, ccapplications@westpac.com.au.
In Australia, the large banks and financial institutions for the most part cover consumers for such losses. However, with banks pushing every service they can online to reduce overheads, this sort of activity can put a dent in that strategy by eroding the trust of those who fall victim to such cybercrime.
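The two signals in this campaign, a plausible sender address and a link that leads somewhere else entirely, can be checked mechanically. The following Python is an added example, not part of the original article: the function names are hypothetical, and the message is constructed, with only the From address taken from the article (the link host `guesthouse.example` and the Authentication-Results values are placeholders).

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

# Constructed sample message. Only the From address comes from the article;
# the link host and the Authentication-Results values are placeholders.
SAMPLE = """\
From: Westpac <ccapplications@westpac.com.au>
To: customer@example.org
Subject: Your account has been temporarily locked
Authentication-Results: mx.example.org; spf=fail smtp.mailfrom=westpac.com.au; dkim=none; dmarc=fail header.from=westpac.com.au
Content-Type: text/html; charset=utf-8

<p>Your account is locked. <a href="http://guesthouse.example/westpac/login.php">Sign in to unlock</a></p>
"""

def domain_matches(host, domain):
    """True if host is the domain itself or one of its subdomains."""
    host, domain = host.lower().rstrip("."), domain.lower()
    return host == domain or host.endswith("." + domain)

def assess(raw):
    """Return (from_domain, findings) for a raw RFC 5322 message."""
    msg = message_from_string(raw)
    # The From header is free text chosen by the sender, so it proves nothing alone.
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    findings = []
    # Authentication-Results is only meaningful when added by your own mail server.
    auth = " ".join(msg.get_all("Authentication-Results", []))
    for mech in ("spf", "dkim", "dmarc"):
        m = re.search(rf"\b{mech}=(\w+)", auth)
        result = m.group(1).lower() if m else "missing"
        if result != "pass":
            findings.append(f"{mech}={result}")
    # Collect every text part so multipart messages are covered as well.
    body = ""
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            body += part.get_payload(decode=True).decode("utf-8", "replace")
    # A link whose host is not under the claimed sender's domain is the key tell.
    for url in re.findall(r'href=["\'](https?://[^"\']+)', body, re.I):
        host = urlsplit(url).hostname or ""
        if not domain_matches(host, from_domain):
            findings.append(f"link host {host} is not under {from_domain}")
    return from_domain, findings

if __name__ == "__main__":
    print(assess(SAMPLE))
```

An empty findings list does not prove a message is safe; it only means these two checks found nothing.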
Given such attempts are not going away, only getting more sophisticated, where does this leave us?
Essentially, our best line of defence is awareness.
Things to look out for when assessing a fake email
Here are some key things you should look out for:
Tips to assess email legitimacy
Here are our top tips when assessing the legitimacy of emails: