Last year I had a run-in with some fraudsters on a phishing expedition, cold calling to find out my banking details.
Today, another staff member received an email purporting to be from Westpac. It asked her to log onto online banking and fill out her details as there was a problem with her account. The email address looked genuine enough, firstname.lastname@example.org, but when you clicked on the link within the email it sent you to a very professional-looking Westpac site. The address was the following:
And though the site had all the usual logos and even linked itself to the actual Westpac site, it didn’t look quite right. The elements of the site didn’t sit properly, like they had slipped in transit. On closer inspection, as well as noting the site’s address (above), there was no lock for the site, denoting that behind the scenes there was no security in place.
Another elaborate hoax that my fellow staff member would have fallen for if she hadn’t just used her account and known all was well. When she checked with the bank (with a phone number from her address book) they confirmed her opinion and informed her they knew the email address and had it on their fraud list.
So, things to learn:
1. Never assume a cold-call or cold-email from your bank is legit. Always question it in person, or using a phone number from your bank’s correspondence or card.
2. Always check for the security lock at the bottom right of your internet browser screen (in IE).
3. Check what address you’re being linked to. In the above case it was pretty obvious, but maybe next time it won’t be.
4. If in doubt, delete, delete, delete.