Reading Time: 2 minutes
From: WBC <info@wbc.com>
Subject: 1 new Payment!
Email content:
The link “Click here to Sign In Westpac Online Banking” opens the web page: http://stokki.pl/wp-content/themes/twentyfourteen/genericons/web.php.
Stokki.pl web site is registered from Poland and has the following details:
https://www.nazwa.pl/
WHOIS database responses: http://www.dns.pl/english/opiskomunikatow_en.html
When the web page is opened, it redirects automatically to : http://ferhat.com.tr/templates/ferhat12/images/system/West-Log/xls.html where a fake westpac website is hosted.
Although the genuine web site looks like:
The site creates a cookie as well:
The final site ferhat.com.tr is a Turkish local company, and their website is probably compromised. The whois records show that the domain name is created back in 2000.
START FREE TRIAL GET YOUR INSTANT SECURITY SCORECARD FOR FREE
- SEO Powered Content & PR Distribution. Get Amplified Today.
- PlatoAiStream. Web3 Data Intelligence. Knowledge Amplified. Access Here.
- Minting the Future w Adryenn Ashley. Access Here.
- Buy and Sell Shares in PRE-IPO Companies with PREIPO®. Access Here.
- Source: https://blog.comodo.com/pc-security/fake-website-imitates-westpac-banking-corporation-for-phishing/
- :has
- :is
- :where
- 1
- 500
- a
- Amazon
- and
- Another
- AS
- automatically
- back
- Blog
- click
- COM
- company
- Compromised
- content
- created
- creates
- details
- dns
- domain
- Domain Name
- DOMAIN NAMES
- Event
- fake
- final
- following
- For
- Free
- from
- genuine
- get
- getting
- here
- hosted
- hosts
- HTML
- http
- HTTPS
- in
- instant
- IT
- jpg
- lab
- Leads
- like
- LINK
- local
- LOOKS
- malware
- max-width
- name
- names
- New
- online
- opened
- opens
- page
- phishing
- PHP
- plato
- Plato Data Intelligence
- PlatoData
- Poland
- probably
- records
- registered
- responses
- scorecard
- security
- send
- show
- sign
- site
- that
- The
- their
- time
- to
- Turkish
- web
- Website
- WELL
- Westpac
- worse
- Your
- zephyrnet