Westpac Scam.

Sheba · Guru

Westpac Scam.

03_troopy · Guru

Sheba wrote:
I'm putting this here,as I know a lot of people don't read all of the threads. Just looked at my E-mails and found this. I have never had a Westpac Account. Take care people. They do try and make them look genuine, don't they ?
Needless to say, I have deleted it, without clicking on the link so thoughtfully provided.
Cheers,
Sheba.

This is an automated message to notify you that we detected a login attempt with a valid password to your account from an unrecognized device yesterday @

Location: UNITED STATES, COLORADO, COLORADO SPRINGS,IP=195.218.84.56 Latitude, Longitude: 75.16459, -25.9814 , Connection through: MCI Local Time: 2013 04:57 PM (UTC -06:00) IDD Code: 1 Weather Station: COLORADO SPRINGS (USCO0078) Usage Type: ISP

Was this you? If so, you can disregard the rest of this email. If this wasn't you kindly follow the account review link:

http://auth.westpac.com.au.nr-976.7jm.dyndns-blog.com/esis/index.php?r=S670216334659&id=Q737968538

Sincerely,
Westpac Bank Customer Care

2013 Westpac Financial Corporation. All Rights reserved

Email ID:37322650114300219389726

-- Edited by Sheba on Friday 15th of November 2013 06:43:40 PM

and please don't post the active links. edit them with advanced editor and click on the broken chain (breaks the link) icon so that others reading the post don't click on them.

Cheers.

Troopy

edit: I forgot to say, highlight the link, then hit the broken chain icon

-- Edited by 03_troopy on Friday 15th of November 2013 07:43:11 PM

Dougwe · Chief one feather

Thanks for the heads up Sheba, I am a customer but wouldn't open a link from them without first checking with a local branch office face to face.

GaryKelly · Guru

I get heaps of those thing purporting to be Paypal, a bank, or other financial institution. Even eBay. Unless they're addressed to me by name, I ignore them and delete them.

hako · Guru

Sheba - not questioning your computer literacy, but my PC tells me the link you've posted in your first post is active - unless you've altered it which you don't say.
If you've deleted it, how can you show it on this forum?

Bryan · Guru

There's lots going around. I must have had at least $80,000 in tax refunds. I printed them all before deleting just in case and one day I get bored enough to present them tax office and ask for a cheque.

Santa · Guru

Sheba wrote:
hako wrote:

I Copied and Pasted it , then deleted the original. I posted it on at least 4 forums.
Cheers,
Sheba.

Sheba as Hako has pointed out the link in your original post is live, anyone who clicks on it may well be at risk.

You may have deleted it on your PC however it is alive and well at the start of this thread, and possibly anywhere else you may have posted it.

03 Troopy has explained how to deactivate it.

-- Edited by Santa on Saturday 16th of November 2013 11:46:15 PM

slip sliding away · Veteran Member

Thanks Sheba for sharing...

Sheba · Guru

hako wrote:
Sheba - not questioning your computer literacy, but my PC tells me the link you've posted in your first post is active - unless you've altered it which you don't say.
If you've deleted it, how can you show it on this forum?
I Copied and Pasted it , then deleted the original. I posted it on at least 4 forums.

Cheers,

Sheba.

dorian · Guru

It appears that a computer ("zombie") at UCLA was compromised and was being used to perpetrate this scam.
Below are my ping, traceroute, and ARIN Whois search results. Note that the actual URL that is the source of the scam is "7jm.dyndns-blog dot com". The Westpac text can be replaced with "blah.blah.blah" without altering the results.

BTW, I tried a ping and tracert to the same URL yesterday and was successful in reaching it. Today the requests time out, suggesting that the problem has been rectified.

C:\>ping auth.westpac.com.au.nr-976.7jm.dyndns-blog dot com

Pinging 7jm.dyndns-blog dot com [128 dot 97.224.14] with 32 bytes of data:

Reply from 164 dot 67.62.99: TTL expired in transit.
Reply from 164 dot 67.62.99: TTL expired in transit.
Reply from 164 dot 67.62.99: TTL expired in transit.
Reply from 164 dot 67.62.99: TTL expired in transit.

Ping statistics for 128 dot 97.224.14:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

C:\>ping blah.blah.blah.7jm.dyndns-blog dot com

Pinging 7jm.dyndns-blog dot com [128 dot 97.224.14] with 32 bytes of data:

Reply from 164 dot 67.62.99: TTL expired in transit.
Reply from 164 dot 67.62.99: TTL expired in transit.
Reply from 164 dot 67.62.99: TTL expired in transit.
Reply from 164 dot 67.62.99: TTL expired in transit.

Ping statistics for 128 dot 97.224.14:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

C:\>tracert auth.westpac.com.au.nr-976.7jm.dyndns-blog dot com

Tracing route to 7jm.dyndns-blog dot com [128 dot 97.224.14]
over a maximum of 30 hops:

1 * * * Request timed out.
2 34 ms 33 ms 34 ms lns20.syd6.on.ii.net [150.101.199.159]
3 34 ms 33 ms 33 ms te3-1-20.cor2.syd7.on.ii.net [150.101.195.138]
4 34 ms 34 ms 34 ms ae5.br1.syd4.on.ii.net [150.101.33.48]
5 180 ms 181 ms 181 ms te0-1-1-2.bd1.lax1.on.ii.net [203.16.213.65]
6 181 ms 181 ms 181 ms eq-exchange.tr01-lsanca01.transitrail.net [206.223.123.7]
7 182 ms 182 ms 182 ms 64.57.20.227
8 183 ms 184 ms 184 ms dc-lax-core1--lax-px1-10ge-2.cenic.net [137.164.46.150]
9 211 ms 212 ms 212 ms dc-lax-agg5--lax-core1-10ge.cenic.net [137.164.46.133]
10 183 ms 183 ms 182 ms ucla--lax-agg1-10g.cenic.net [137.164.24.135]
11 183 ms 183 ms 182 ms cr01f2.csb1--bd02f1.anderson.ucla.net [169.232.4.104]
12 182 ms 183 ms 182 ms sr01f1.anderson--cr01f2.csb1.ucla.net [169.232.8.27]
13 183 ms 183 ms 183 ms ra11f2.csb1.ucla.net [164.67.62.90]
14 182 ms 182 ms 182 ms 164.67.62.99
15 183 ms 183 ms 182 ms ra11f2.csb1.ucla.net [164.67.62.90]
16 182 ms 182 ms 183 ms 164.67.62.99
17 183 ms 182 ms 182 ms ra11f2.csb1.ucla.net [164.67.62.90]
18 182 ms 182 ms 182 ms 164.67.62.99
19 182 ms 182 ms 182 ms ra11f2.csb1.ucla.net [164.67.62.90]
20 183 ms 183 ms 182 ms 164.67.62.99
21 183 ms 182 ms 182 ms ra11f2.csb1.ucla.net [164.67.62.90]
22 182 ms 183 ms 182 ms 164.67.62.99
23 183 ms 183 ms 182 ms ra11f2.csb1.ucla.net [164.67.62.90]
24 182 ms 183 ms 181 ms 164.67.62.99
25 182 ms 183 ms 183 ms ra11f2.csb1.ucla.net [164.67.62.90]
26 182 ms 183 ms 182 ms 164.67.62.99
27 183 ms 182 ms 183 ms ra11f2.csb1.ucla.net [164.67.62.90]
28 183 ms 183 ms 184 ms 164.67.62.99
29 183 ms 183 ms 183 ms ra11f2.csb1.ucla.net [164.67.62.90]
30 182 ms 183 ms 183 ms 164.67.62.99

Trace complete.

http://whois.arin.net/rest/net/NET-128-97-0-0-1/pft

Network
NetRange 128.97.0.0 - 128.97.255.255
CIDR 128.97.0.0/16
Name UCLANET
Handle NET-128-97-0-0-1
Parent NET128 (NET-128-0-0-0-0)
Net Type Direct Assignment
Origin AS AS52
Organization University of California, Los Angeles (UCLA)
Registration Date 1985-11-11
Last Updated 2009-06-10

Organization
Name University of California, Los Angeles
Handle UCLA
Street UCLA Communications Technology Services
Campus Services Building I, 2nd Floor
741 Charles E. Young Drive South
City Los Angeles
State/Province CA
Postal Code 90095-1363
Country US
Registration Date 1985-10-24
Last Updated 2009-12-22

-- Edited by dorian on Sunday 17th of November 2013 08:17:12 AM

_wombat_ · Master (of Mischief)

dorian wrote:
I confess I'm still using a very old version of Eudora (I actually paid for mine), but the open source Linux and XP versions sound great. Thanks for the heads up.

dorian, when you have had time to have a look at that one can you please advise if I would need Mozilla Thunderbird to run it? it looks like it maybe an extension to MT

Sorry Sheba, it looks like I have gone off topic, just blame dazren. biggrin

-- Edited by _wombat_ on Sunday 17th of November 2013 01:01:40 PM

Cowboy7307 · Senior Member

I must have had at least $80,000 in tax refunds,
Is that all you got sitting , your poor lol, i have at least $3000000000000 sitting in Nigeria and America for me, all i have to do is send my bank detales and passwords, that's after i send the $200 so thy can clear it with there banks

_wombat_ · Master (of Mischief)

I don't know why EVERYBODY has not got this program on their computer, I have been using it for years, it allows you to look on your ISP BEFORE you download your emails to your computer and you just delete the emails you do not want before you download the ones you want to keep to your computer.

There is a free version but you can only use 1 email address.

GO GET A COPY NOW

FREE VER http://filehippo.com/download_mailwasher/7639/ the only free version is 6.54

PRO VERSION 7.3.0 $39.95 on special at this time for $29.95 12 months subscription, well worth the price https://secure.firetrust.com/cart

dorian · Guru

My ISP intercepts and quarantines the vast majority of spam on their server. I usually don't bother checking it.

As for the email that I download, my email client (Eudora) allows me to disable potentially dangerous features. For example, I can "disallow executables in HTML content". I also have a plugin which removes all HTML content and essentially converts the message into plain text.

Eudora automatically filters what it considers to be junk and places it in the Junk mailbox. I can alter the junk settings, if need be. I also have my own filters which automatically sort email from known addresses into the correct mailboxes.

Antivirus software typically scans emails before they are made available for reading.

_wombat_ · Master (of Mischief)

dorian wrote:
My ISP intercepts and quarantines the vast majority of spam on their server. I usually don't bother checking it.

As for the email that I download, my email client (Eudora) allows me to disable potentially dangerous features. For example, I can "disallow executables in HTML content". I also have a plugin which removes all HTML content and essentially converts the message into plain text.

Eudora automatically filters what it considers to be junk and places it in the Junk mailbox. I can alter the junk settings, if need be. I also have my own filters which automatically sort email from known addresses into the correct mailboxes.

Antivirus software typically scans emails before they are made available for reading.

That is the same as mail washer pro, great program, will have to have a look at your one, is it free?

_wombat_ · Master (of Mischief)

Just has a quick look at the site https://wiki.mozilla.org/Eudora_OSE and it is no longer supported but I think being open source it would be free

dorian · Guru

I confess I'm still using a very old version of Eudora (I actually paid for mine), but the open source Linux and XP versions sound great. Thanks for the heads up.

Sheba · Guru

I don't understand why anyone, if they read my post properly, would want to click on that Link. I made it quite clear that this was a Scam.

Cheers,

Sheba.

_wombat_ · Master (of Mischief)

Sheba wrote:
I don't understand why anyone, if they read my post properly, would want to click on that Link. I made it quite clear that this was a Scam.
Cheers,
Sheba.

I did not click on it, cos Dougwe told me not to, he's been quiet today.

dorian · Guru

_wombat_ wrote:
dorian, when you have had time to have a look at that one can you please advise if I would need Mozilla Thunderbird to run it? it looks like it maybe an extension to MT

I'm still using Windows 98SE. I don't know when I'll get around to "upgrading", if ever.