Friday, September 26, 2008

Phishing alert: BankWest Security Depertment

I was about to delete an email using OzEfilter, supposedly sent from BankWest, because to me it was probably going to be a phishing attempt. This time however, I decided to check it out and let others know what I found.

The email contained a poor quality BankWest logo.  

The start of the email reads as follows:

BankWest has been receiving complaints from our customers for unauthorised use of the BankWest Online accounts. As a result we are making an extra security check on all of our Customers account in order to protect their information from theft and fraud.

Due to this, you are requested to follow the provided steps and confirm your Online Banking details for the safety of your Accounts. Click Here To Get Started!

As a rule you should not click on a link in an email to go to a financial site. Always open your browser and enter the site address of your financial institution. The technique I use for this email is to hover my mouse over the "Click Here" link. I then see the address of the link which is not visible. In this case the site is a site and nothing to do with BankWest

This email is an obvious phishing attempt to get a person's bank account details. Don't be tricked by this type of email. 

- Kelvin Eldridge


  1. it may be interesting to know that bankwest does have websites setup that are not

    For example, their staff products are available through a website located at, which i can confirm is a completely legitimate website i am a staff member

  2. Hi anonymous,

    Your post raises a very good point, that visually checking the text tip as one hovers over a text link is not conclusive, but only one of a number of clues.

    In this case for example, I immediately assumed your response was bona fide and released it. Using the address I found it didn't work and tried to redirect me to another site. So I thought perhaps I had been tricked, which I thought was ironic and how we can all be so easily tricked. However, checking the domain name and when it was registered and by whom, does lead me to believe it is legitimate.

    Your point is valid. The domain is not always a good indicator. Those that I have checked so far have been pretty obvious, but they may not always be.

    Thank you for sharing your thoughts.