From: WBC <firstname.lastname@example.org>
Subject: 1 new Payment!
The link “Click here to Sign In Westpac Online Banking” opens the web page: http://stokki.pl/wp-content/themes/twentyfourteen/genericons/web.php.
The stokki.pl web site is registered in Poland and has the following details:
WHOIS database responses: http://www.dns.pl/english/opiskomunikatow_en.html
When the web page is opened, it automatically redirects to http://ferhat.com.tr/templates/ferhat12/images/system/West-Log/xls.html, where a fake Westpac website is hosted.
The genuine web site, by contrast, looks like this:
The site creates a cookie as well:
The final site, ferhat.com.tr, belongs to a local Turkish company, and their website is probably compromised. The WHOIS records show that the domain name was created back in 2000.
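Both URLs in this chain show traits a mail or proxy filter can test for: link text that names Westpac while the host is unrelated, a page served from a theme or template asset directory, and no TLS. The sketch below is an added example, not part of the original analysis; the `BRAND_DOMAINS` allow-list (assumed to hold the bank's real domain, westpac.com.au), the regexes and the function names are assumptions chosen for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption: allow-list of brand -> legitimate domains, kept by the defender.
BRAND_DOMAINS = {"westpac": ("westpac.com.au",)}

# Heuristic: directories meant for static assets (icon fonts, images),
# modelled on the two paths seen in this campaign.
ASSET_DIRS = re.compile(
    r"/(wp-content/themes/[^/]+/genericons|templates/[^/]+/images)/", re.I
)
ACTIVE_EXT = re.compile(r"\.(php|html?)$", re.I)


def host_matches(host, domains):
    """True only for the domain itself or a real subdomain of it."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)


def assess_link(anchor_text, href):
    """Return the reasons a link looks like phishing (empty list = none)."""
    reasons = []
    parts = urlsplit(href)
    host = parts.hostname or ""
    # 1. The visible text claims a brand the host does not belong to.
    for brand, domains in BRAND_DOMAINS.items():
        if brand in anchor_text.lower() and not host_matches(host, domains):
            reasons.append(f"brand-mismatch:{brand}")
    # 2. A PHP/HTML page sits inside a static-asset directory.
    if ASSET_DIRS.search(parts.path) and ACTIVE_EXT.search(parts.path):
        reasons.append("page-in-asset-dir")
    # 3. A sign-in link without TLS.
    if parts.scheme != "https":
        reasons.append("no-tls")
    return reasons


if __name__ == "__main__":
    # Link text and URLs as quoted in the analysis above.
    samples = [
        ("Click here to Sign In Westpac Online Banking",
         "http://stokki.pl/wp-content/themes/twentyfourteen/genericons/web.php"),
        ("", "http://ferhat.com.tr/templates/ferhat12/images/system/West-Log/xls.html"),
    ]
    for text, url in samples:
        print(urlsplit(url).hostname, assess_link(text, url))
```

The redirect target is passed with empty link text because it is reached automatically rather than through a labelled link, so only the path and scheme checks apply to it.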