When Jean Smith* received an email from Westpac’s Head of Information Security asking her to update her banking details, she didn’t doubt it was genuine. It looked like the real thing.
What Jean didn’t realise was that by clicking on the supplied link and entering the requested information, she had given scammers very important personal information and identification details about herself, information they then used to transfer $80,000 out of her account.
Both the email and the website link she clicked through to looked genuine.
Westpac’s Head of Financial Crime and Security Tiffany Ryan sees this happen all too often.
“These scammers are highly sophisticated and the emails and the websites they create for people to click through to are mirror images of Westpac’s but they are not from us.
“We understand it’s difficult for our customers to tell our genuine website from the scammers’ ones. That’s why we tell our customers never to click on any link, ever, and never to open any attachments,” Tiffany says.
If a customer does click through and enter their personal details including name, date of birth, address, phone numbers, email address, bank account number, and password, they’ve effectively given the scammers their identification so they can not only impersonate that person but gain full access to their money.
The scammers won’t hesitate to clean out customers’ accounts, says Tiffany.
Customers who click on supplied links may also unwittingly allow malware to download on their device, giving scammers access to their computer, tablet, or phone.
“If our customers are in any doubt about an email they believe to be from us, they should call our Westpac contact centre on 0800 400 600.
“In the meantime, our message to our customers is stay safe and don’t click.”
*Not actual name