Business Solutions
Enterprise Solutions
Services
Case Studies
About us
Partners
Blog
Contact Us
Business Solutions
Cyber Security
Security Awareness & Training
Networking
View all business solutions >
Cyber Security

Discover our cyber security solutions

Penetration Testing
Security Assessment
Application Security
Next Generation Firewall as a Service
Secure Identity & Access Management
Web, Email & Endpoint Security
Threat Detection & Response
View all cyber security solutions >
Security Awareness & Training

Discover our security awareness & training solutions

Phishing Awareness, Prevention & Response
vCISO as a Service
Digital Exposure
View all security awareness & training solutions >
Networking

Discover our networking solutions

Secure SD-WAN
Secure Office Network
Cloud Connectivity
Secure Remote Working
Network Automation
View all networking solutions >
Enterprise Solutions
Cyber Security
Networking
Automation
View all enterprise solutions >
Cyber Security

Discover our cyber security solutions

Penetration Testing
Red Teaming
Governance Risk & Compliance
Application Security
Authentication & Access Control
Threat Detection & Event Management
Phishing Awareness, Prevention & Response
View all cyber security solutions >
Networking

Discover our networking solutions

Network Assessment
Network Security
Data Centre & Cloud
Secure SD-WAN
Campus Network
View all networking solutions >
Automation

Discover our automation solutions

Automated Managed Services
Network & Infrastructure Automation
Automated Cyber Security Compliance
Automation Services
Modern Application Integration & Development
View all automation solutions >
Services
Advisory Services
Professional Services
Automated Managed Services
View all services >
About Us
Our Story
Why Dragonfly?
Careers
Partners
Cisco
Rapid7
Cisco Meraki
Darktrace
Snyk
Fortinet
Palo Alto Networks
HCL Technologies
Unisys Stealth
F5
KnowBe4
Microsoft
View all partners >
Business Solutions
Enterprise Solutions
Services
Case Studies
About Us
Partners
Blog
Contact Us

Business Solutions

Cyber Security
Security Awareness & Training
Networking
View all business solutions >

Discover our cyber security solutions

Penetration Testing
Security Assessment
Application Security
Next Generation Firewall as a Service
Secure Identity & Access Management
Web, Email & Endpoint Security
Threat Detection & Response
View all cyber security solutions >

Discover our security awareness & training solutions

Phishing Awareness, Prevention & Response
vCISO as a Service
Digital Exposure
View all security awareness & training solutions >

Discover our networking solutions

Secure SD-WAN
Secure Office Network
Cloud Connectivity
Secure Remote Working
Network Automation
View all networking solutions >

Enterprise Solutions

Cyber Security
Networking
Automation
View all enterprise solutions >

Discover our cyber security solutions

Penetration Testing
Red Teaming
Governance Risk & Compliance
Application Security
Authentication & Access Control
Threat Detection & Event Management
Phishing Awareness, Prevention & Response
View all cyber security solutions >

Discover our networking solutions

Network Assessment
Network Security
Data Centre & Cloud
Secure SD-WAN
Campus Network
View all networking solutions >

Discover our automation solutions

Automated Managed Services
Network & Infrastructure Automation
Automated Cyber Security Compliance
Automation Services
Modern Application Integration & Development
View all automation solutions >

Services

Advisory Services
Professional Services
Automated Managed Services
View all services >

About Us

Our Story
Why Dragonfly?
Careers

Partners

Cisco
Rapid7
Cisco Meraki
Darktrace
Snyk
Fortinet
Palo Alto Networks
HCL Technologies
Unisys Stealth
F5
KnowBe4
Microsoft
View all partners >
Cyber Security
Lucy Khayat
July 20, 2018

Early June 2017, a number of Australian inboxes received an email purporting to be from Westpac advising them that their accounts have been temporarily locked. Victims are then instructed to follow a link and try to log in with their credentials to unlock their account. Sound familiar?

In following the link, victims are taken to a replica Westpac site which is being hosted on a Tanzanian Guesthouse site which has been clearly compromised in a previous hack. When victims input their username and password, cybercriminals are able to capture their credentials and use these to transfer funds from victims accounts to accounts of their choosing.

Whilst it does not sound terribly sophisticated in today's cybersecurity landscape, harried consumers may not look too closely especially with it coming from an email which could pass off as legitimate - in this instance, ccapplications@westpac.com.au.

In Australia, for the most part, the large banks and financial institutions cover consumers for such losses, however, with banks pushing every service they can online to reduce overheads, this sort of activity can put a dent in this strategy through the loss of trust for victims of such cybercrime.

Given such attempts are not going away, only getting more sophisticated, where does this leave us?

Essentially, our best line of defence is awareness.

Things to look out for when assessing a fake email

Here are some key things you should look out for:  

  • An email with little branding, no personalisation
  • Unusual or unexpected use of capitals - particularly one purporting to be from a large organisation
  • A bank asking you to click on a link to fix an issue with your account
  • By hovering on the link, you can see the target site. In this instance, it clearly is not the Westpac URL, rather a Tanzanian Guesthouse
  • When landing on the target URL, it is clearly insecure - a legitimate banking website will always have an updated security certificate

‍Tips to assess email legitimacy

Here are our top tips when assessing the legitimacy of emails:  

  • Poor grammar, formatting, spelling errors
  • A lack of personalisation in the email
  • An email asking you to verify data which is sensitive in nature
  • The use of capitals to create urgency for actions
  • Poor use of imagery
  • Unexpected source email

Explore more topics

Dragonfly Updates
Automation
Networking
Cyber Security

More Blogs

Dragonfly Team

November 24, 2021

5 Things You Need to Know About Managed Threat Detection & Response

Branko Ninkovic

October 18, 2021

The Anatomy of a Phishing Attempt - auDA Email Scam

Branko Ninkovic

July 2, 2020

Palo Alto Vulnerability - Patching and Software Updates

Want to learn more?
Join our mailing list

Business Solutions
Cyber Security
Penetration TestingSecurity AssessmentApplication SecurityNext Generation Firewall as a ServiceSecure Identity & Access ManagementWeb, Email & Endpoint SecurityThreat Detection & Event Management
Security Awareness & Training
Phishing Awareness, Prevention & ResponsevCISO as a ServiceDigital Exposure
Networking
Secure SD-WANSecure Office NetworkCloud ConnectivitySecure Remote WorkingNetwork Automation
Enterprise Solutions
Cyber Security
Penetration TestingRed TeamingGovernance Risk & ComplianceApplication SecurityAuthentication & Access ControlThreat Detection & Event ManagementPhishing Awareness, Prevention and Response
Networking
Network SecurityData Centre & CloudSecure SD-WANCampus Network
Automation
Automated Managed ServicesNetwork & Infrastructure AutomationAutomated Cyber Security ComplianceAutomation ServicesModern Application Integration & Development
Services
Advisory ServicesProfessional ServicesAutomated Managed Services
Company
Our StoryWhy Dragonfly?CareersPartnersCase StudiesContact UsBlog
2005 - 2021 © Dragonfly Technologies Pty Ltd
Privacy