JavaScript disabled. Please enable JavaScript to use My News, My Clippings, My Comments and user settings.

If you have trouble accessing our login form below, you can go to our login page.

If you have trouble accessing our login form below, you can go to our login page.

Westpac email hoax hits Aussie inboxes

Date

Asher Moses

Zoom in on this story. Explore all there is to know.

A screenshot of one of the malware laced emails.

A screenshot of one of the malware laced emails.

Hundreds of thousands of bogus malware-laden emails purportedly from Westpac were sent to Australians on Thursday, in what a security firm says is the fastest spreading email it can remember.

The malware emails were first identified at 9.30 on Thursday morning and security firm MailGuard said at 3.30pm it had blocked 318,000 going to clients' inboxes.

Earlier on Thursday only two of the 44 largest anti-virus applications were detecting the virus.

The emails have the subject "Westpac Secure Email Notification" and appear to come from "secure.mail@westpac.com.au". They instruct the recipient to open a malicious attachment.

MailGuard said its filters detected 1193 unique source IP addresses from countries including Australia, the US, Peru, Iran, Colombia and Mexico. It was likely they were a large "botnet" of infected computers.

Westpac said it was working with anti-virus companies to improve their detection of the malicious software and had notified customers of the "hoax".

24 comments

  • I received one supposedly from the Commonwealth Bank which I didn't open because I have been told by the Bank that they do not communicate this way.

    Commenter
    Catherine
    Date and time
    March 14, 2013, 4:12PM
    • Here's a permanent solution. Don't bank with big banks. Go to credit unions. The chances of malware for say the teachers credit union are almost nil. Go to them.

      Commenter
      Best comment
      Date and time
      March 14, 2013, 7:03PM
    • Er, this sort of thing is almost a daily occurrence and has been for years. Why bring attention to this one? Slow news day?

      Commenter
      Foris
      Location
      Melbourne
      Date and time
      March 15, 2013, 9:52AM
  • The emails are actually VERY cleverly designed and look almost exactly the same as other legitimate confidential/secure mail emails you may get that request you open the .html attachment.

    Except this one has a .zip, and was addressed to made up email addresses...

    Commenter
    mtown
    Location
    Sydney
    Date and time
    March 14, 2013, 4:21PM
    • Not really very clever at all. 1. It listed a US number; 2. it didn't identify the intended recipient; 3. it asked to open a .zip attachment - when does a bank send you an email asking to open an attachment with no context as to what it is?

      I am a Westpac customer and I received this. Immediately it was clear it was a scam.

      Commenter
      davo
      Date and time
      March 15, 2013, 8:46AM
  • Request to open an attachment - how original. But luckily for the scammers, law of averages says that there will be a number of idiots who will follow through with it. The same applies for those "verify password" requests.

    And no, getting a Mac is not the solution.

    Commenter
    Steve T
    Location
    Sydney
    Date and time
    March 14, 2013, 4:24PM
    • Neither getting an android will prevent it

      Commenter
      Ryan
      Date and time
      March 15, 2013, 7:59AM
  • This email wasn't very clever. Did anyone else note the helpdesk number they listed? Definitely not an Australian number...

    Commenter
    Goer
    Date and time
    March 14, 2013, 4:52PM
    • You're right, none of them ever are clever, especially when I'm not even the bank's client and I still receive them - fairly frequently. ANZ and St George Bank are potentially malware laden emails (in the attachment they ask me to open) I receive and I'm not a client of either.

      Important point to note is these emails are sent to "Dear Client" or "Dear Customer".
      Generally a bank's email to you will be addressed TO YOU, by name. At least to me they have.

      Commenter
      Dao
      Location
      Melbourne
      Date and time
      March 15, 2013, 6:56AM
  • I actually received two of these Westpac emails today, and saw through both of them immediately. My anti-virus program picked up the second, but not the first. In the past week I've received more malware emails than the whole of the past 10 years, most of them through friends' yahoo accounts. Don't know why the sudden increase, but my 'delete' button is getting a lot of use.

    Commenter
    kozzy
    Date and time
    March 14, 2013, 5:03PM

    More comments

    Comments are now closed
    Advertisement
    Featured advertisers
    Advertisement