Skip to main content Skip to main navigation
Skip to access and inclusion page Skip to search input

Email Scams

At Westpac, we’re vigilant about safeguarding your financial and personal information. Help protects you, your family and your business. Check out the types of scams being used plus some useful tips on how to stay safe.

Report

Please report any suspicious activity immediately by calling 132 032 or (+612) 9293 9270 if overseas (available 24 hours a day, 7 days a week)

Scam emails, also known as Phishing, is the most common way fraudsters trick you into providing personal or financial information.

These emails are designed to look legitimate, impersonating legitimate businesses or even government agencies with urgent content to entice you to open attachments, click on links, or provide information. Phishing is also the main source of malware infections.

Watch out for these email phishing signs:

  • Requests for personal or financial information
  • Has instructions to click on links, open attachments or call a number
  • Creates a sense of urgency
  • The email just doesn’t ‘seem quite right’
  • Can be addressed to you personally or uses a generic greeting e.g. Dear Valued Customer
  • Contains poor grammar or spelling
  • Branding that looks slightly different
  • The email address does not match the sender
Clicked on a link or opened an attachment in a suspicious email?

If you believe your security has been compromised, or notice a transaction you did not make, contact us immediately on 132 032.

Do not use your Online Banking until you have up-to-date security software on your computer. If you don’t have such software, we have partnered with security specialist McAfee. Once you have installed security software on your computer, ensure you perform a thorough scan of your system.

Remember, Westpac will never send you links to sign in pages, or ask you to update, verify or correct any Online Banking details directly into an email reply.

Confirm payee changes and urgent payment requests verbally

If you receive an email requesting you to make an payment to a new BSB and account number, or an urgent payment on behalf of a senior staff member, always check the request is legitimate before making a payment.

Even if you know the sender of the email, it’s possible that your contact’s email account has been compromised, so always call the sender (using a trusted phone number, not one contained in the email) to verbally validate the request.

In 2017, Australian businesses were targeted by business email compromise scams with this trend continuing in 2018. Reports to the Australian Competition and Consumer Commission (ACCC) and Australian Cybercrime Online Reporting Network (ACORN) about this scam exposed that over $22.1 million has been transferred from businesses to scammer accounts during this period.

To help avoid financial loss
  1. Always verbally confirm BSB and Account number changes using a trusted phone number. Confirming a change via email is not a secure method of validation.
  2. Scammers often pose as executive staff members to direct employees to make urgent payments. Once again, always verbally validate these requests using a trusted phone number.
  3. If you are unable to contact the requestor, contact the recipient bank to confirm if the BSB and Account number matches the name on the account.


For an example of this scam, visit Scamwatch

Think you received a scam email?

If the email scam is Westpac related, report it immediately to hoax@westpac.com.au and delete it from your inbox and sent folder if you've forwarded it. If you have opened any attachments or links, or been prompted to sign in to online banking after clicking a link, please call us immediately on 132 032.

Which Government agencies or Not Profit business should I report this information to?

Report any scams you are targeted by to the Australian Cybercrime Online Reporting Network at acorn.gov.au

If you suspect you have been the target of fraud or scams, or your identity has been stolen or compromised in any way, it is also recommended you report this at: