It sometimes seems that every second message coming into my spam trap is a phishing attempt pretending to be from an Australian bank (the spelling “Westpack” is often a giveaway). Yet analysis suggests that Australian banks are a relatively low-priority target for spam mailers.
Symantec’s latest report on financial trojans includes a list of the most commonly targeted financial institutions worldwide. Just one Australian bank makes the top 25, coming in last place.
Symantec doesn’t identify the targeted institutions, but it seems safe to assume the Australian bank is one of the “big four” (Commonwealth, NAB, Westpac or ANZ). In the same way, we can guess that the “online payment service” at #6 in the rankings is PayPal, and the “auction platform” at #8 is eBay.
Given Australia’s overall population, that low number is not surprising, but it still doesn’t mean local bank customers aren’t being targeted. Phishing messages rely on volume — even if 99 per cent are ignored, the 1 per cent that foolishly respond still provide rich pickings.
Comments
3 responses to “Australian Banks Are A Low Priority For Hackers (But Don’t Get Complacent)”
It’s because everything’s so expensive here, so we’re all poor.
My guess is Westpac.
Being #25 worldwide is still pretty significant. For a while a couple of the Australian banks were big targets given the market penetration (as you want to have a high likelihood that your spam recipients actually bank with the target institution), and the minimal to no authentication mechanisms post logon.
Also, not all of these attacks/campaigns come from phishing sites. More and more are instead using drive-by downloads, or malware-laden PDFs, to install trojans that will hijack a legitimate internet banking session, substitute a payment you make for a payment to their mules' accounts, and then modify your transaction history to hide the evidence.
Source: Used to work on this stuff for an Australian bank