By PETER GRIFFIN
A vigilant eye seems to be the best defence against internet "phishing" exercises, in which criminals create replicas of commercial websites in an attempt to fool people into submitting personal information.
Internet providers were yesterday using keyword searches to scan for bogus emails targeting Westpac customers and were blocking the emails.
The emails, sent out indiscriminately in true spammer style, asked Westpac customers to verify their email address for online banking and directed them to a site resembling Westpac's home page. There the users were prompted to enter their ID code and password in a bogus pop-up box.
A number of Westpac customers are understood to have fallen for the scam because of what appeared to be official Westpac branding and wording.
"Usually these types of scams are easily noticed due to the badly written English, but this one was pretty much perfect," said one Westpac customer.
Users were asked to click on a peculiarly formatted link, which actually led to Russia through a free redirect service.
Xtra had detected a "moderate" number of the bogus emails through its servers.
Carl Grayson, Telecom's information security officer, said that as with spammers employing open relays to deliver vast quantities of unsolicited email, shutting down the scam was easier said than done.
"Because the originating domain can be falsified quite easily, you can't effectively block it. They just shift ... domain."
Westpac was working with IBM last night to trace the source of the link and attempt to shut it down.
"What we're aiming for is one of two things: that we succeed in shutting down the link - specifically the pop-up box - or that we make it so tough for them that they stop trying," said Westpac's Paul Gregory.
Grayson said Xtra had identified many email scams from Eastern Europe and former Soviet states.
www.ftc.gov/spam
Crooks phish for Westpac customer details