Amazon Leads Malware Hosts and Getting Worse Reading Time: 2 minutes

From: WBC <>
Subject: 1 new Payment!

Email content:

Email content

The link “Click here to Sign In Westpac Online Banking” opens the web page: web site is registered from Poland and has the following details:

genuine web site

WHOIS database responses:

When the web page is opened, it redirects automatically to : where a fake westpac website is hosted.

fake westpac


Although the genuine web site looks like:

genuine web site
The site creates a cookie as well:

website cookie
The final site is a Turkish local company, and their website is probably compromised. The whois records show that the domain name is created back in 2000.

Domain names