Australian Banks Are A Low Priority For Hackers (But Don’t Get Complacent)


It sometimes seems that every second message coming into my spam trap is a phishing attempt pretending to be from an Australian bank (the spelling “Westpack” is often a giveaway). Yet analysis suggests that Australian banks are a relatively low-priority target for spam mailers.


Symantec’s latest report on financial trojans includes a list of the most commonly targeted financial institutions worldwide. Just one Australian bank makes the top 25, coming in last place.

Symantec doesn’t identify the targeted institutions, but it seems safe to assume the Australian entry is one of the “big four” (Commonwealth, NAB, Westpac or ANZ). In the same way, we can guess that the “online payment service” at #6 in the rankings is PayPal, and the “auction platform” at #8 is eBay.

Given Australia’s overall population, that low number is not surprising, but it still doesn’t mean local bank customers aren’t being targeted. Phishing messages rely on volume — even if 99 per cent are ignored, the 1 per cent that foolishly respond still provide rich pickings.


  • Being #25 worldwide is still pretty significant. For a while a couple of the Australian banks were big targets given the market penetration (as you want to have a high likelihood that your spam recipients actually bank with the target institution), and the minimal to no authentication mechanisms post logon.

    Also, not all of these attacks/campaigns come from phishing sites. More and more are instead using drive-by downloads, or malware-laden PDFs, to install trojans that will hijack a legitimate internet banking session, substitute a payment you make for a payment to their mule accounts, and then modify your transaction history to hide the evidence.

    Source: Used to work on this stuff for an Australian bank
