US-based gaming Web site, The Game Monsters, has been implicated in the latest of round of phishing scams targeting Westpac customers, according to security experts.
The phishers tell customers that an attempt to access their online account was supposedly denied that day -- it is a variation of a phishing e-mail that Westpac warned customers about on 14 November.
Today's e-mail reads: "An attempt to access Online Banking was denied on: Monday, 26 Nov 2007 at 6:25:46 EST. Access was denied for one of two reasons: Incorrect attempts to access and Login failures; signing on from a different location or device different from your location and your IP address."
Recipients of the e-mail are asked to confirm this by clicking on one of two image links -- "That was me" or "That was NOT me" -- to verify whether they had attempted to make a transaction at the stated time.
The scam appears to be directed toward more technology savvy users who are aware that banks typically monitor and occasionally block attempts to access their customers' online accounts from a foreign IP address.
The server which users are redirected to has been traced to the UK and taken down, said PC Tools security researcher, Jim Meem.
"The script is a simple redirection, however we can't see the ultimate target, which I assume is also in the UK but it could be anywhere. One of our ex-employees works for Westpac Security so we know they deal with this stuff all the time, so I can assume it's been taken down. Most of these scams are online less than 12 hours," he told ZDNet Australia.
"The site pointed to siwhite.co.uk, which is registered to something called The Game Monsters. The address given is one in Florida but the site looks fake," said F-Secure global threat response manager, Patrik Runald.
TheGameMonsters webserver which was being secured and managed by an outsourced security firm has fixed the phishing scheme sand has cleared and cleaned up all instances of this attack on thier equipment.