Fake Website Imitates Westpac Banking Corporation for Phishing

August 3, 2015 | By Editor
1 Star2 Stars3 Stars4 Stars5 Stars

From: WBC <info@wbc.com>
Subject: 1 new Payment!

Email content:

Email content

The link “Click here to Sign In Westpac Online Banking” opens the web page: http://stokki.pl/wp-content/themes/twentyfourteen/genericons/web.php.

Stokki.pl web site is registered from Poland and has the following details:

genuine web site


WHOIS database responses: http://www.dns.pl/english/opiskomunikatow_en.html

When the web page is opened, it redirects automatically to : http://ferhat.com.tr/templates/ferhat12/images/system/West-Log/xls.html where a fake westpac website is hosted.

fake westpac


Although the genuine web site looks like:

genuine web site
The site creates a cookie as well:

website cookie
The final site ferhat.com.tr is a Turkish local company, and their website is probably compromised. The whois records show that the domain name is created back in 2000.

Domain names


Be Sociable, Share!

    Add new comment

    Your name

    You may use these HTML tags and attributes: <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>


    What Hidden Threats LurkOn Your Endpoints?

    Get complete security from known and unknown threats from Comodo Endpoint Protection

    free threat scan