How to keep yourself safe

Find out how to avoid infection from computer viruses and other ‘nasties’ such as hoax emails, phishing scams and spyware.

Email phishing

Phishing, hoax emails and other scams

Phishing is a fraudulent attempt by a third party to steal your personal information, usually made through email. Here’s what to do if you receive one, and a look at the latest phishing scams that have been detected.

What to do if you receive a phishing email

If you believe you’ve received a Westpac-related phishing email, report it by forwarding the email to the following address: phishing@westpac.co.nz

This email address is for notification purposes only and you won’t receive an individual reply. If you have any queries relating to the email or anything else, please use the Westpac communication form.

What actions should you take?
  • don’t click on the link contained in the email
  • don’t reply to the email
  • delete the email
  • update and perform an anti-virus scan on your computer
  • update and perform an anti-spyware scan on your computer

Am I on the real Westpac online banking site?

The Original Online Banking home page address (URL) is: https://sec.westpac.co.nz/IOLB/Login.jsp

For Westpac One online banking, the address (URL) is: https://bank.westpac.co.nz/one/app.html

If you're ever at a site with a login page that differs in any way from the above, you're not at an official Westpac online banking login page (refer images 1 and 2 below).

Westpac uses extended validation certificates (EV). If you're running a reasonably new browser, this will display the organisation information associated with the certificate. It should read “Westpac New Zealand Limited [NZ]” either to the left or right of the home page address.

To keep yourself safe, please remember the following:
  • never give your card PIN number or online banking username and password to anyone 
  • don’t let anyone else use your card 
  • don’t write down your PIN number 
  • check your account balances regularly 
  • notify your bank immediately if you have lost your card or disclosed your PIN number

 

Latest phishing scams

The latest phishing scams to watch out for

We were notified of the following email phishing scam on 19 May 2017:

We are currently aware of a phishing scam targeting the general public. The sending address appears to be from Westpac; however, this is not legitimate. A copy of the email is below. If you receive this email, please do not click on the attachment and do not respond. Please forward a copy to phishing@westpac.co.nz

Phishing alert 19 May 2017

We were notified of the following email phishing scam on 8 May 2017:

We are currently aware of a phishing scam targeting the general public. The sending address appears to be from a Westpac staff member; however, this is not legitimate. A copy of the email is below. If you receive this email, please do not click on the attachment and do not respond. Please forward a copy to phishing@westpac.co.nz. We are currently working with the relevant authorities in relation to this issue.

Phishing alert May 2017

We were notified of the following email phishing scam on 26 April 2017:

Alert April

Email phishing scam 21 March 2017:

We are currently aware of a phishing scam targeting the general public. The sending address appears to be from a Westpac staff member; however, this is not legitimate. A copy of the email is below. If you receive this email, please do not click on the attachment and do not respond. Please forward a copy to phishing@westpac.co.nz. We are currently working with the relevant authorities in relation to this issue.

Alert March

We were notified of the following email phishing scams on 9 March 2017:

Alert March

Alert March

We were notified of the following email phishing scam on 14 February 2017:

Alert Feb

We were notified of the following Facebook phishing scam on 14 December 2016:

A fake profile called "Westpac Carelines" is messaging customers asking for credit card details.

Alert December

We were notified of the following phishing scams on the 29 November 2016:

Alert November

We were notified of the following phishing scams on the 25 November 2016:

phishing email

phishing email

 

 

We were notified of the following phishing scam on the 4 November 2016:

phishing email

 

We were notified of the following phishing scam on the 9 June 2016:

Alert 7 June

We were notified of the following phishing scam on the 7 June 2016:

Alert 7 June

 

We were notified of the following phishing scam on the 3 June 2016:

email lure

We were notified of the following phishing scam on the 24 May 2016:

email lure

We were notified of the following phishing scam on the 12 April 2016:

email lure

We were notified of the following phishing scam on the 29 March 2016:

Phishing

We were notified of the following phishing scam on the 01 March 2016:

01032016 phishing

We were notified of the following phishing scam on the 26 February 2016:

26022016 phishing

We were notified of the following phishing scam on the 18 November 2015:

Phishing Scam 1811

We were notified of the following phishing scam on the 13 November 2015:

13112015 Phishing Scam

 

Keeping your information secure

Protect your computer with security measures

Protecting yourself means doing things like always logging out from your online banking, not having the same passwords across multiple sites, and being wary of phishing scams. Here’s what else you might want to consider to help protect your computer from nasty viruses or scams.

Install anti-virus software

Get protection from viruses that could damage your computer and its programs by installing reputable antivirus software. Once installed, to keep your computer protected:

  • update your anti-virus software regularly
  • set your computer to automatically check for new virus definitions regularly
  • perform regular full scans of your computer, at least weekly

Install anti-spyware software

Spyware programs are designed to covertly track what you are doing on the Internet.

These hidden programs are:

  • often bundled together with file sharing, email virus or browser accelerator programs
  • usually installed without your knowledge

Spyware is used to collect personal Internet usage information and confidential data such as passwords, credit card numbers and online banking details. Choose a reputable anti-spyware software provider.

Keep your browser and operating system up to date

From time to time, security weaknesses or bugs are found in browsers and operating systems. To ensure you have the most up-to-date security features:

  • install updates to all your applications as soon as they become available
  • make regular checks on your software vendor’s website or request an automated alert if available
  • apply new security patches as soon as possible

Avoid downloading programs, installing software or downloading files from an unknown source, or websites that are not considered a trusted source.

Using other computers

If you access your accounts using a computer in a cyber café, a library or your workplace take care as there may be malicious software installed in order to collect information belonging to anyone using the computer. Try to ensure the computer has the latest anti-virus software, firewall protection, anti-spyware software and browser software installed.

Is your computer infected?

If your computer has been infected, it may be acting ‘weirdly’. Take action if your computer:

  • has unusual icons appearing on your desktop or Start menu
  • has extra toolbars
  • has programs that lock up frequently
  • has a homepage that is changing

In some cases, unobtrusive or covert issues – such as keyboard logging or spyware – may not be obvious. You should review your online transactions regularly. Also ensure all activity has been initiated by you and email us to report anything that seems suspicious or odd.

Protect your mobile device

  • Don't fall for SMS phishing – fraudsters can change the sender info, so they may appear to be from a trusted source. These text messages often use scare tactics and contain links to fake websites in an attempt to capture your passwords and other sensitive information.
  • Keep your operating system and apps updated – go to iTunes for Apple devices, Samsung or Google Play Store for Android devices and the Microsoft or Windows Phone Store for Windows devices.
  • Stay clear of unsafe or fake apps – only download apps from official app stores and never from a link within an email or SMS.
  • Protect your device with a reputable security app – you can find security apps and their reviews in the stores listed above – which store you visit depends on the type of device you use.
  • Tighten your mobile service security – call your mobile service provider and ask if they can add security measures (key questions, etc.) to your account and call them immediately if you notice unexpected or unusual service outages.
  • Use a passcode to protect access to your mobile device and access to your apps – This is particularly important if you have apps linked to PayPal, or with stored credit card payment details.

 

Protect yourself

  • Be wary of scams – use caution when receiving a phone call from someone claiming to be from a reputable organisation and consider what they are asking for. Never give them remote access to your computer. If in doubt, ask for a reference number and call back on a trusted number (i.e. from the phone book) to confirm the call was genuine.
  • Use caution opening emails – you may receive phishing emails that contain links or malicious attachments that could capture your banking details, harm your device or lock your important files.
  • Regularly change passwords for everything online – use strong passwords and set a reminder to change them every couple of months.
  • Always look for the padlock – check for the SSL secure connection symbol, a locked padlock in the browser bar to the left of the website name.
  • Don’t use links to get to important sites (like banking) – type in www.westpac.co.nz rather than using a favourite bar or button. Be sure to never use the links received by SMS or email to directly access online banking.
  • Protect your identity – never provide your personal or security details, including customer ID or passwords, in response to any email or SMS, even if it looks legitimate.
  • Regularly check your bank accounts – for any suspicious transactions.
  • Securely dispose of sensitive documents – don't simply throw your bank documents, bills etc. in the bin. These should be shredded or otherwise destroyed.
  • Secure your mailbox – use a padlock or PO Box and report any missing mail to the relevant provider.
  • Be cautious about what you share through your social media accounts – take steps to understand your privacy settings and ensure you only share what you want with who you want. Don’t share things like your date of birth, work information and contact details; consider not providing them at all.

 

Protect your business

  • Regularly change passwords – on all software and databases e.g. accounting software.
  • Keep data safe – implementing a regular backup procedure is a simple way to safeguard critical business data. Setting user PC permissions and encrypting your databases will also help.
  • Be on the lookout for business scams – verify all emails and calls claiming to be from a provider or someone in your company before performing any requests.
  • Implement a cyber security strategy – to counter the evolving online threats, e.g. ensuring secure remote access protocols and setting up firewall rules.
  • Protect your website – consider making use of a controlled 3rd party 'ethical hack', which can objectively assess and mitigate the risks for your business’s online security, independent of any vendor or supplier.

 

The basic must-dos to keep yourself safe online

Online fraudsters take advantage of poor security systems, entering computers through scam emails, when you navigate to certain pages online, or when you download software bundled with dangerous programs.

Here are some dos and don’ts to consider:

Do

  • Double check a suspicious sender before you open or reply to an email
  • Scan all email attachments for viruses
  • Always delete your junk mail

Don't

  • Open emails from people or organisations you don’t know or trust
  • Click on any link in an email that asks you to respond with personal information
  • Click on an email link from an unknown sender that asks you to pay bills or log onto a secure service
  • Use a preview pane within your email account – this is equivalent to opening an email automatically

Some viruses forward infected mail to entries in an address book. Therefore, you can also get an infected attachment from someone you know.

If you frequently receive suspicious or unsolicited emails, you should consider installing a spam filter or getting that service from your Internet Service Provider.

Check you’re on Westpac’s official site before logging in

Before you log in to online banking, check you’re connecting directly to the real Westpac online banking service. Do this by:

  • checking for the SSL secure connection symbol – a locked padlock 
  • double-clicking on the padlock symbol. Our certificate has been "digitally signed" by either Entrust or Verisign.

When viewing our online banking certificate always ensure that:

  • it’s been 'Issued to' bank.westpac.co.nz or sec.westpac.co.nz or bol.westpac.co.nz
  • the 'Issued by' section refers to www.entrust.com
  • the date specified is within a valid date range.

If the certificate details differ from this, don’t log in. Email us for further assistance and include a screen shot of the certificate in your email (if you can).
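The three certificate checks above can also be scripted. The following is an added example, not Westpac's code: it assumes a certificate dict in the format returned by Python's `ssl.SSLSocket.getpeercert()` on a connection that has already passed normal chain validation, and it models the 'Issued by' check as a case-insensitive search for "entrust" in the issuer fields. The names `check_certificate`, `ALLOWED_HOSTS`, `ISSUER_MARKER` and `SAMPLE` are chosen for the example, and `SAMPLE` is constructed data.

```python
import ssl

# Hostnames the page lists under 'Issued to'.
ALLOWED_HOSTS = {"bank.westpac.co.nz", "sec.westpac.co.nz", "bol.westpac.co.nz"}
# Assumption: 'Issued by' is modelled as an issuer field mentioning Entrust.
ISSUER_MARKER = "entrust"

# Constructed sample in getpeercert() format (not a real certificate).
SAMPLE = {
    "subject": ((("commonName", "bank.westpac.co.nz"),),),
    "issuer": ((("organizationName", "Entrust, Inc."),),),
    "subjectAltName": (("DNS", "bank.westpac.co.nz"),),
    "notBefore": "Jan  1 00:00:00 2017 GMT",
    "notAfter": "Jan  1 00:00:00 2018 GMT",
}


def _flatten(name):
    """Turn getpeercert()'s nested RDN tuples into a flat list of (key, value)."""
    return [pair for rdn in name for pair in rdn]


def check_certificate(cert, now):
    """Return the list of failed checks; an empty list means all three passed.

    cert: dict shaped like ssl.SSLSocket.getpeercert() output.
    now:  current time in seconds since the epoch.
    """
    problems = []
    # 1. 'Issued to': exact host name match, never a suffix or substring match.
    names = {v.lower() for k, v in cert.get("subjectAltName", ()) if k == "DNS"}
    if not names:  # older certificates carry the host name only in commonName
        names = {v.lower() for k, v in _flatten(cert.get("subject", ())) if k == "commonName"}
    if not names & ALLOWED_HOSTS:
        problems.append("issued-to")
    # 2. 'Issued by': some issuer attribute must mention the expected CA.
    issuer_values = [v.lower() for _, v in _flatten(cert.get("issuer", ()))]
    if not any(ISSUER_MARKER in v for v in issuer_values):
        problems.append("issued-by")
    # 3. Validity: 'now' must fall inside [notBefore, notAfter].
    try:
        start = ssl.cert_time_to_seconds(cert["notBefore"])
        end = ssl.cert_time_to_seconds(cert["notAfter"])
        if not start <= now <= end:
            problems.append("dates")
    except (KeyError, ValueError):
        problems.append("dates")  # missing or unparseable dates fail closed
    return problems
```

The exact-match rule in step 1 is what rejects a host name that merely begins with an official name followed by another domain.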

Keep your online banking password safe  

It’s a no-brainer, but make sure your online banking password is safe:

  • never give your online banking password to anyone
  • Note: no Westpac staff member should ever ask you for your password for any reason.
  • don't write passwords down or store them in a file on your computer – you also shouldn't use 'form-fill', AutoComplete or other similar password storage functions in your browser settings.
  • select a password that’s difficult to guess and change it regularly – we'll give you a prompt every 60 days. We suggest that you don't use any of the following: family, pet or street names, birth dates or other data easily connected to you.
  • don't use the same password for different websites.
  • ensure that no one can see your keyboard when you enter your Customer ID and password – this is especially relevant if using a public or work PC.

Sign up for email and text alerts

Signing up for our email and text alerts can help you keep tabs on your online banking activity, so you know if someone else has used your login ID or tried to make transactions. Just set this up in Westpac One.


How Westpac keeps you safe online