Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


6336 posts

Uber Geek
+1 received by user: 308

Trusted
Subscriber

Topic # 128661 18-Aug-2013 16:27
Send private message

Hi, I just got sent an email from Westpac, it seems quite suspicious, firstly the sender is 21Y799o4P9TWH@viewemail.westpac.co.nz which is a dead give away.

Also the email is from an account manager at Westpac Porirua (we are in the city) and all the links in the email to find out more are are as follows.

http://westpac.eid.co.nz/cep/?i=21Y799o4P9TWH&page=Savings&id=&id=&id=2838&id=2859&id=2893&id=&loc1=475&loc2=0

Also very suspect.

Any thoughts.

Cheers
Cyril

View this topic in a long page with up to 500 replies per page Create new topic
 1 | 2 | 3
1525 posts

Uber Geek
+1 received by user: 115


  Reply # 880602 18-Aug-2013 16:30
Send private message

I would flag it as a phishing attempt 




6336 posts

Uber Geek
+1 received by user: 308

Trusted
Subscriber

  Reply # 880604 18-Aug-2013 16:33
Send private message

Yep already done, guess just checking if anyone else has recieved similar.

Cheers
Cyril

14407 posts

Uber Geek
+1 received by user: 1885


  Reply # 880606 18-Aug-2013 16:34
Send private message

Not sure why that email address is a dead giveaway. From the info you provided it looks like it is being sent from the westpac domain using a random sender. The links look to be using the domain eid.co.nz/, which looks to be run by some third party, but it all may be ok, I don't know. They may have subcontracted it out. However these banks don't help themselves at all really, and they even if it was legit, they shouldn't have links in their emails, especially if they are third party links, that possibily have tracking code in them. Maybe best to phone them (they don't have a way to email them securely). But it doesn't look good if it is legit. Maybe it is a thing they are using to test their customers on how good they are a detecting dodgy looking emails?



6336 posts

Uber Geek
+1 received by user: 308

Trusted
Subscriber

  Reply # 880607 18-Aug-2013 16:37
Send private message

Hi, quite the point, it was presumably sent from an account manager at Westpac Porirua, but not using joe.blogs@westpac.co.nz and none of the other URLs seem to ring true. Would be keen if anyone from Westpac IT or marketing could comment.

Cyril

14407 posts

Uber Geek
+1 received by user: 1885


  Reply # 880610 18-Aug-2013 16:40
Send private message

cyril7: Hi, quite the point, it was presumably sent from an account manager at Westpac Porirua, but not using joe.blogs@westpac.co.nz and none of the other URLs seem to ring true. Would be keen if anyone from Westpac IT or marketing could comment.

Cyril


The URL that your link goes to appears to be http://westpac.eid.co.nz, and the eid domain appears to have been registered in 2003. These banks seem to send email for email address where they don't seem to want people to reply to them, which may account for the odd address. I think if they send this sort of thing, the email address should be able to be replied to, so you can get a reply from a real person.

76 posts

Master Geek
+1 received by user: 67

Trusted
Subscriber

  Reply # 880726 18-Aug-2013 21:21
Send private message

Yep, I received one back on the 12th from a different branch manager (I'm in Auckland). Didn't think much of it, seems genuine but it's just Junk (Unsolicited).




May the farce be with you!




pjnetnz
:)


21533 posts

Uber Geek
+1 received by user: 4386

Trusted
Subscriber

  Reply # 880729 18-Aug-2013 21:27
Send private message

Even if its legit it should be reported as phishing because it seems just like a phish.




Richard rich.ms

652 posts

Ultimate Geek
+1 received by user: 157


  Reply # 880748 18-Aug-2013 22:17
Send private message

cyril7: Hi, I just got sent an email from Westpac, it seems quite suspicious, firstly the sender is 21Y799o4P9TWH@viewemail.westpac.co.nz which is a dead give away.

Also the email is from an account manager at Westpac Porirua (we are in the city) and all the links in the email to find out more are are as follows.

http://westpac.eid.co.nz/cep/?i=21Y799o4P9TWH&page=Savings&id=&id=&id=2838&id=2859&id=2893&id=&loc1=475&loc2=0

Also very suspect.

Any thoughts.

Cheers
Cyril


Definite phishing attempt. No NZ banks send emails to their customers that include personal info, or ask them to provide their details, or logon to their Internet Banking from as link in the email.

And they NEVER send their customers 'test emails to see if their customers know what a phishing email is.

If (as) you have opened it and read it, I strongly suggest you run a full anti virus scan on your computer (with your Anti virus being up to date) and/or network, and any other computers linked to the one you received the email on. If you read it on your phone, I hope your phone has up to date anti virus as well.

If you clicked on any of the links, or provided any information, contact Westpac asap, they will want to know about it, and give you further suggestions on what you need to do to protect your bank accounts. At the very least they'll insist you change your Internet Banking password.

If you believe the email is from a Westpac employee, and they have sent you the email asking you to provide personal information, contact Westpac and let them know about the email and ask them why the employee is sending such emails.

All of the above is what all NZ Bank tell their customers to do when their customers receive a phishing email. 


Westpac's most recent phishing scams they know of: http://www.westpac.co.nz/branch-mobile-online/online-banking/safety-and-security-online/report-a-phishing-scam/






21533 posts

Uber Geek
+1 received by user: 4386

Trusted
Subscriber

  Reply # 880751 18-Aug-2013 22:24
One person supports this post
Send private message

Lets see if westpac have anything to say in this matter with them basically asking their customers to violate every good practice with respect to internet safety.

Mind you, this is a bank that will call you and ask for your DOB and something else to "verify" your identity so I think they have a weak grasp on the concept of security. IMO whoever authorised this mailout should be fired.




Richard rich.ms

3740 posts

Uber Geek
+1 received by user: 2270

Trusted
Spark NZ

  Reply # 880774 18-Aug-2013 23:50
One person supports this post
Send private message

Westpac internet banking passwords also strip case (So 'PASSword' is the same as 'password').

When challenged about this they told me (I sh*t you not) that's "it's for security reasons"

I think at that stage I literally laughed and hung up.

Cheers - N

4466 posts

Uber Geek
+1 received by user: 848

Trusted
Lifetime subscriber

  Reply # 880776 18-Aug-2013 23:57
Send private message

Talkiet: Westpac internet banking passwords also strip case (So 'PASSword' is the same as 'password').

When challenged about this they told me (I sh*t you not) that's "it's for security reasons"

I think at that stage I literally laughed and hung up.

Cheers - N


!!??!!?? Wot the!

My password always include upper and lower case. What a waste of my time! The Westpac app does not work if you're not in NZ





3740 posts

Uber Geek
+1 received by user: 2270

Trusted
Spark NZ

  Reply # 880777 18-Aug-2013 23:59
Send private message

nakedmolerat:
Talkiet: Westpac internet banking passwords also strip case (So 'PASSword' is the same as 'password').

When challenged about this they told me (I sh*t you not) that's "it's for security reasons"

I think at that stage I literally laughed and hung up.

Cheers - N


!!??!!?? Wot the!

My password always include upper and lower case. What a waste of my time! The Westpac app does not work if you're not in NZ


Srsly. Try it. Log into internet banking with your caps lock key on and you'll still be able to log in.

Cheers - N



14407 posts

Uber Geek
+1 received by user: 1885


  Reply # 880778 19-Aug-2013 00:10
Send private message

Talkiet: Westpac internet banking passwords also strip case (So 'PASSword' is the same as 'password').

When challenged about this they told me (I sh*t you not) that's "it's for security reasons"

I think at that stage I literally laughed and hung up.

Cheers - N


Well based on their online banking interface looking like it was designed last century, that doesn't surprise me. I can't believe they still don't have a way to send a secure message through it yet, most of the other banks have this feature.

4312 posts

Uber Geek
+1 received by user: 153

Mod Emeritus
Trusted
Lifetime subscriber

  Reply # 880783 19-Aug-2013 01:03
Send private message

mattwnz:
Talkiet: Westpac internet banking passwords also strip case (So 'PASSword' is the same as 'password').

When challenged about this they told me (I sh*t you not) that's "it's for security reasons"

I think at that stage I literally laughed and hung up.

Cheers - N


Well based on their online banking interface looking like it was designed last century, that doesn't surprise me. I can't believe they still don't have a way to send a secure message through it yet, most of the other banks have this feature.


I've been with Westpac since 2004 and the web interface has not changed.

Their whole internet/mobile banking setup sucks.

516 posts

Ultimate Geek
+1 received by user: 110


  Reply # 880811 19-Aug-2013 08:39
Send private message

Talkiet: Westpac internet banking passwords also strip case (So 'PASSword' is the same as 'password').

When challenged about this they told me (I sh*t you not) that's "it's for security reasons"

I think at that stage I literally laughed and hung up.

Cheers - N


Yeah I contacted them about that some time ago as well since I thought it was stupid they don't even let people know when creating passwords and they said


Thanks for your feedback.
The goal is always to create a password process that is suitably complex that it isn't easily cracked, yet not so complex that customers may have to resort to writing their passwords down.
As soon as we reach that point we have gone too far and compromised the security of a password.
We did consider making passwords case sensitive but didn't deem it to be necessary considering that the password has to be at least 8 characters long and contain at least 1 number and 1 letter.
As well as the fact that after three attempts the ID will be locked.

It would practically impossible to someone to guess another's password in three tries.

You may have seen that we are making changes to our security measures with the introduction of Online Guardian.
You can read more about it here: http://www.westpac.co.nz/olcontent/olcontent.nsf/Content/online+guardian+enhancements

If you have any questions, please let me know.
Kind regards
Mark

 1 | 2 | 3
View this topic in a long page with up to 500 replies per page Create new topic

Twitter »

Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.