Fake Website Imitates Westpac Banking Corporation for Phishing

August 3, 2015 | By Editor

From: WBC <info@wbc.com>
Subject: 1 new Payment!

Email content:

Email content

The link “Click here to Sign In Westpac Online Banking” opens the web page: http://stokki.pl/wp-content/themes/twentyfourteen/genericons/web.php.

Stokki.pl web site is registered from Poland and has the following details:

genuine web site

https://www.nazwa.pl/

WHOIS database responses: http://www.dns.pl/english/opiskomunikatow_en.html

When the web page is opened, it redirects automatically to : http://ferhat.com.tr/templates/ferhat12/images/system/West-Log/xls.html where a fake westpac website is hosted.

fake westpac

 

Although the genuine web site looks like:

genuine web site
The site creates a cookie as well:

website cookie
The final site ferhat.com.tr is a Turkish local company, and their website is probably compromised. The whois records show that the domain name is created back in 2000.

Domain names
domain

 

Be Sociable, Share!

    Add new comment

    Your name
    Comment

    You may use these HTML tags and attributes: <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>