How to keep yourself safe

Find out how to avoid infection from computer viruses and other ‘nasties’ such as hoax emails, phishing scams and spyware.

Email phishing

Phishing, hoax emails and other scams

Phishing is a fraudulent attempt by a third party to steal your personal information, usually made through email. Here’s what to do if you receive one, and a look at the latest phishing scams that have been detected.

What to do if you receive a phishing email

If you believe you’ve received a Westpac-related phishing email, report it by forwarding the email to the following address: phishing@westpac.co.nz

This email address is for notification purposes only and you won’t receive an individual reply. If you have any queries relating to the email or anything else, please use the Westpac communication form.

What actions should you take?
  • don’t click on the link contained in the email
  • don’t reply to the email
  • delete the email
  • update and perform an anti-virus scan on your computer
  • update and perform an anti-spyware scan on your computer

Am I on the real Westpac online banking site?

Westpac One online banking, the address (URL) is: https://bank.westpac.co.nz/one/app.html

If you're ever at a site with a login page that differs in any way from the above, you're not at an official Westpac online banking login page (refer images 1 and 2 below).

Westpac uses extended validation certificates (EV). If you're running a reasonably new browser, this will display the organisation information associated with the certificate. It should read “Westpac New Zealand Limited [NZ]” either to the left or right of the home page address.

To keep yourself safe, please remember the following:
  • never give your card PIN number or online banking username and password to anyone 
  • don’t let anyone else use your card 
  • don’t write down your PIN number 
  • check your account balances regularly 
  • notify your bank immediately if you have lost your card or disclosed your PIN number

 

Latest phishing scams

The latest phishing scams to watch out for

We were notified of the following email phishing scam on 21 September 2018:

SMS Phishing September 2018

 

If you receive this message, please forward the email to phishing@westpac.co.nz.


 

We were notified of the following email phishing scam on 14 July 2018:

 14 July

If you receive this message, please forward the email to phishing@westpac.co.nz.


 

We were notified of the following email phishing scam on 13 July 2018:

13 July

If you receive this message, please forward the email to phishing@westpac.co.nz.


 

We were notified of the following email phishing scam on 9 July 2018:

9 July

If you receive this message, please forward the email to phishing@westpac.co.nz.


 

We were notified of the following email phishing scam on 6 July 2018:

6 July

If you receive this message, please forward the email to phishing@westpac.co.nz.


 

We were notified of the following email phishing scam on 1 July 2018:

1 July

If you receive this message, please forward the email to phishing@westpac.co.nz.


 

We were notified of the following email phishing scam on 29 June 2018:

 

29 June
If you receive this message, please forward the email to phishing@westpac.co.nz.


 

We were notified of the following email phishing scam on 22 March 2018:

22 March

If you receive this message, please forward the email to phishing@westpac.co.nz.


 

We were notified of the following email phishing scam on 13 April 2018:

We've been made aware of a sophisticated phishing scam that’s targeting both Westpac and non-Westpac customers. The message reads:
"Westpac New Zealand has restricted your account".

See example below:

April 2018 Phishing email example

 

If you receive this message, please forward the email to phishing@westpac.co.nz.


 

We were notified of the following email phishing scam on 17 Jan 2018:

We’ve been made aware of a scam where people are being asked to participate in a survey for Hotpoints with the opportunity to get $75 credit.
The subject line is "Tell us about your experience with Westpac" and "Please confirm your Hotpoints Survey Today!"

See example below: 

17 Jan 2018

If you have received this email, please forward the email to phishing@westpac.co.nz. You will receive an automated reply as a confirmation that your email has been received and that Westpac will be taking action for it. Please be assured that Westpac New Zealand will be taking steps to prevent further instances of these emails. Remember to delete it straight away from your inbox and sent folder if you've forwarded it. Quick action can prevent these scams from being delivered to hundreds of other Westpac employees and customers.


 

We were notified of the following email phishing scan on 19 May 2017:

We are currently aware of a phishing scam targeting to general public and the sending address appears to be from a Westpac, however this is not legitimate. A copy of the email is below. If you receive this email please do not click on the attachment, do not respond. Please forward a copy to phishing@westpac.co.nz

phishingalert 19 may2017

We were notified of the following email phishing scan on 8 May 2017:

We are currently aware of a phishing scam targeting to general public and the sending address appears to be from a Westpac staff member, however this is not legitimate. A copy of the email is below. If you receive this email please do not click on the attachment, do not respond. Please forward a copy to phishing@westpac.co.nz. We currently are working with the relevant authorities in relation to this issue.

 phishingalert may2017

 

 

 


We were notified of the following email phishing scam on  26 April 2017:

Alert April

 


Email phishing scam  21 March 2017:

We are currently aware of a phishing scam targeting to general public and the sending address appears to be from a Westpac staff member, however this is not legitimate. A copy of the email is below. If you receive this email please do not click on the attachment, do not respond. Please forward a copy to phishing@westpac.co.nz. We currently are working with the relevant authorities in relation to this issue.

Alert March

We were notified of the following email phishing scams on  9 March 2017:

Alert March

Alert March

We were notified of the following email phishing scam on  14 February 2017:

Alert Feb


We were notified of the following Facebook phishing scam on  14 December 2016:
A fake profile called "Westpac Carelines" is messaging customers asking for credit card details

Alert December

We were notified of the following phishing scams on the 29 November 2016:

Alert November

We were notified of the following phishing scams on the 25 November 2016:

phishing email

phishing email

 


 

We were notified of the following phishing scam on the 4 November 2016:

phishing email

 


 

We were notified of the following phishing scam on the 9 June 2016:

Alert 7 June]

 


We were notified of the following phishing scam on the 7 June 2016:

Alert 7 June]

 


 

We were notified of the following phishing scam on the 3 June 2016:

email lure

 


We were notified of the following phishing scam on the 24 May 2016:

email lure

We were notified of the following phishing scam on the 12 April 2016:

email lure


We were notified of the following phishing scam on the 29 March 2016:

Phishing


We were notified of the following phishing scam on the 01 March 2016:

01032016 phishing


We were notified of the following phishing scam on the 26 February 2016:

26022016 phishing


We were notified of the following phishing scam on the 18 November 2015:

Phishing Scam 1811


We were notified of the following phishing scam on the 13 November 2015:

13112015 Phishing Scam

 

Security alerts

Intel Alert - Westpac Financial Crime Management Team

Invoice Scam - August 2018

Whats happening?

Fraudsters have adapted the false invoice scam to target law firms and home buyers. The scam proceeds as follows:

The fraudsters contact a law firm in NZ, often claiming they are interested in buying a house and are interesting in using the law firm to do the conveyancing.

Emails are exchanged, and eventually the fraudsters send an email with “important documents” attached. These are locked and access requires the lawyer to enter their email address and password. This information is harvested by the fraudsters, giving them access to the lawyer’s email account.

The fraudsters then wait and monitor the lawyer’s email, until they see an indication of an upcoming settlement or payment to be made by a client.

When the deadline for the payment arrives, the fraudsters email the client (from the lawyer’s compromised email address) to remind them of the payment.

They also send an invoice/payment details, where the bank account details have been altered. The client then makes the payment and the money goes to the fraudster’s bank account.

Once the money is in the fraudster’s bank account it is essentially gone, chances of recovery are very low. The liability will likely sit with the victim, as they are responsible for making the authorised payment (albeit to a fraudster).

What should I do?

This is a warning for Westpac clients, particularly law firms, real estate agents or home buyers, to verify the bank account details before making large payments. The best way to do this is to call the other party to confirm the details, you should contact them on their registered number (as appears on their website or yellow pages, not on an email).

Simply checking to make sure the numbers match is an effective tactic to avoid falling victim to this type of fraud, as well as those rare incidents where there was a legitimate error sending the account details. If you believe you have been targeted by this fraud, please report the issue to Cert NZ.

Keeping your information secure

Protect your computer with security measures

Protecting yourself means doing things like always logging out from your online banking, not having the same passwords across multiple sites, and being wary of phishing scams. Here’s what else you might want to consider to help  protect your computer from nasty viruses or scams.

Install anti-virus software

Get protection from viruses that could damage your computer and its programs by installing reputable antivirus software. Once installed, to keep your computer protected:

  • update your anti-virus software regularly
  • set your computer to automatically check for new virus definitions regularly
  • perform regular full scans of your computer, at least weekly

Install anti-spyware software

Spyware programs are designed to covertly track what you are doing on the Internet.

These hidden programs are:

  • often bundled together with file sharing, email virus or browser accelerator programs
  • usually installed without your knowledge

Spyware is used to collect personal Internet usage information and confidential data such as passwords, credit card numbers and online banking details. Choose a reputable anti-spyware software provider.

Keep your browser and operating system up to date

From time to time, security weaknesses or bugs are found in browsers and operating systems. To ensure you have the most up-to-date security features:

  • install updates to all your applications as soon as they become available
  • make regular checks on your software vendor’s website or request an automated alert if available
  • apply new security patches as soon as possible

Avoid downloading programs, installing software or downloading files from an unknown source, or websites that are not considered a trusted source.

Using other computers

If you access your accounts using a computer in a cyber café, a library or your workplace take care as there may be malicious software installed in order to collect information belonging to anyone using the computer. Try to ensure the computer has the latest anti-virus software, firewall protection, anti-spyware software and browser software installed.

Is your computer infected?

If your computer has been infected, it may be acting ‘weirdly'. Take action if your computer:

  • has unusual icons appearing on your desktop or Start menu
  • has extra toolbars
  • programs lock up frequently
  • your homepage is changing

In some cases, unobtrusive or covert issues – such as keyboard logging or spyware – may not be obvious. You should review your online transactions regularly. Also ensure all activity has been initiated by you and email us to report anything that seems suspicious or odd.

Protect your mobile device

  • Don't fall for SMS phishing – fraudsters can change the sender info, so they may appear to be from a trusted source. These text messages often use scare tactics and contain links to fake websites in an attempt to capture your passwords and other sensitive information.
  • Keep your operating system and apps updated – go to iTunes for Apple devices, Samsung or Google Play Store for Android devices and the Microsoft or Windows Phone Store for Windows devices.
  • Stay clear of unsafe or fake apps – only download apps from official app stores and never from a link within an email or SMS.
  • Protect your device with a reputable security app – you can find security apps and their reviews in the stores listed above – which store you visit depends on the type of device you use.
  • Tighten your mobile service security – call your mobile service provider and ask if they can add security measures (key questions, etc.) to your account and call them immediately if you notice unexpected or unusual service outages.
  • Use a passcode to protect access to your mobile device and access to your apps – This is particularly important if you have apps linked to PayPal, or with stored credit card payment details.

 

Protect yourself

  • Be wary of scams – use caution when receiving a phone call from someone claiming to be from a reputable organisation and consider what they are asking for. Never give them remote access to your computer. If in doubt, ask for a reference number and call back on a trusted number (i.e. from the phone book) to confirm the call was genuine.
  • Use caution opening emails – you may receive phishing emails that contain links or malicious attachments that could capture your banking details, harm your device or lock your important files.
  • Regularly change passwords for everything online – use strong passwords and set a reminder to change them every couple of months.
  • Always look for the padlock – checking for the SSL secure connection symbol – a locked padlock in the browser bar to the left of the website name.
  • Don’t use links to get to important sites (like banking) – type in www.westpac.co.nz rather than using a favourite bar or button. Be sure to never use the links received by SMS or Email to directly access online banking.
  • Protect your identity – never provide your personal or security details, including customer ID or passwords, in response to any email or SMS, even if it looks legitimate.
  • Regularly check your bank accounts  – for any suspicious transactions
  • Securely dispose of sensitive documents – don't simply throw your bank documents, bills etc. in the bin. These should be shredded or otherwise destroyed.
  • Secure your mailbox – use a padlock or PO Box and report any missing mail to the relevant provider.
  • Be cautious what you share through your social media accounts – take steps to understand your privacy settings and ensure you only share what you want with who you want. Don’t share things like your date of birth, work information & contact details, or consider not providing them at all.

 

Protect your business

  • Regularly change passwords – on all software and databases e.g. accounting software.
  • Keep data safe – implementing a regular backup procedure is a simple way to safeguard critical business data. Setting user PC permissions and encrypting your databases will also help.
  • Be on the lookout for business scams – verify all emails and calls claiming to be from a provider or someone in your company before performing any requests.
  • Implement a cyber security strategy – to counter the evolving online threats. E.g. ensuring secure remote access protocol and setting up firewall rules.
  • Protect your website – consider making use of a controlled 3rd party 'ethical hack', which can objectively assess and mitigate the risks for your business’s online security, independent of any vendor or supplier.

 

The basic must-dos to keep yourself safe online

Online fraudsters take advantage of poor security systems, entering computers through scam emails, when you navigate to certain pages online, or download software bundled with dangerous programs.

Here are some dos and dont's to consider

Do
Don't
Double check a suspicious sender before you open or reply to an email Open emails from people or organisations you don’t know or trust
Scan all email attachments for viruses Click on any link in an email that asks you to respond with personal information
Always delete your junk mail Click on an email link from an unknown sender that asks you to pay bills or log onto a secure service
  Use a preview pane within your email account – this is the equivalent to opening an email automatically

Some viruses forward infected mail to entries in an address book. Therefore, you can also get an infected attachment from someone you know.

If you frequently receive suspicious or unsolicited emails, you should consider installing a spam filter or getting that service from your Internet Service Provider.

Check you’re on Westpac’s official site before logging in

Before you log in to online banking, check you’re connecting directly to the real Westpac online banking service. Do this by:

  • checking for the SSL secure connection symbol – a locked padlock 
  • double-clicking on the padlock symbol. Our certificate has been "digitally signed" by either Entrust or Verisign.

When viewing our online banking certificate always ensure that:

  • it’s been 'Issued to' bank.westpac.co.nz or sec.westpac.co.nz or bol.westpac.co.nz
  • the 'Issued by' section refers to www.entrust.com
  • the date specified is within a valid date range.

If the certificate details differ from this, don’t log in. Email us for further assistance and include a screen shot of the certificate in your email (if you can).

Keep your online banking password safe  

It’s a no-brainer, but make sure your online banking password is safe:

  • never give your online banking password to anyone
  • Note: no Westpac staff member should ever ask you for your password for any reason.
  • don't write passwords down or store them in a file on your computer – you also shouldn't use 'form-fill', AutoComplete or other similar password storage functions in your browser settings.
  • select a password that’s difficult to guess and change it regularly – we'll give you a prompt every 60 days. We suggest that you don't use any of the following: family, pet or street names, birth dates or other data easily connected to you.
  • don't use the same password for different websites.
  • ensure that no one can see your keyboard when you enter your Customer ID and password – this is especially relevant if using a public or work PC.

Sign up for email and text alerts

Signing up for our email and text alerts can help you keep tabs on your online banking activity, so you know if someone else has used your login ID or tried to make transactions. Just set this up in Westpac One.

More about email and text alerts

How Westpac keeps you safe online