At least 200 people in New Zealand were tricked
yesterday into giving up their online banking
passwords.
The e-mail pretended to be from Westpac Bank, saying the bank
wanted to check that e-mail addresses were valid and asked
customers to confirm their address by providing their banking ID
and password at the Westpac website.
The e-mail included a link that appeared to point at Westpac's
website, but actually directed browsers to a website in Russia.
Westpac spokesman Paul Gregory said so far the bank has not yet
found any suspicious transactions leading on from the e-mails, but
will have a better idea when the transactions summary is
available.
"Obviously we'll be taking a pretty close look at their accounts
over the next few days," he said.
Gregory urged Westpac customers who provided their login details
to the bogus website to change their passwords as soon as possible,
contact the bank, and keep a close eye on their online
accounts.
"All we can do is let people know it's around. We would never,
ever send out an e-mail of that sort."
Many recipients of the e-mail are not Westpac customers. The
hoaxers apparently used one of the lists of e-mail addresses
available for purchase on the internet, and sent the messages
indiscriminately to New Zealand e-mail users.
The bank has posted a note on its banking login page, warning
customers about the scam and will contact online customers
directly.
Matthew Cooney writes for Computerworld