Phishing is a technique where users are invited -- usually via e-mail -- to login to a particular Web site. The information gathered from the site -- which at first glance looks genuine -- will then be transmitted to the scams' creators.
But according to security vendor SurfControl, the Westpac incident is more sinister than usual.
After users are tricked into entering their details, they will be redirected to a legitimate Westpac logon screen saying they have entered the wrong details.
The scam uses hacked files from legitimate Web sites to transfer account details to the scammers, thus avoiding Internet and e-mail filters, SurfControl said.
The plot was discovered early Tuesday morning, the bank told ZDNet Australia . It was immediately reported to the authorities but Westpac declined to confirm or deny if customers' accounts were tampered with.
Tracking down the scammers will be a challenge since most of the hacked files have been deleted. This is an example of how they hide their tracks.
Westpac said customers would not be personally liable for unauthorised transactions provided they were not responsible for the transaction, did not contribute to the loss, and complied with its Internet banking terms and conditions.
It believes customers have a good level of awareness about the scam. Most of the calls it has received about the issue were from clients making sure it knew what was going on.
"We find our customers are a very good backup to our detection systems!" the bank said. The bank has posted details on the problem on the security section of its Web site .
Customers who use Windows and Internet Explorer should be held liable for any withdrawls from their accounts as they have contributed to the problem by using software plagued with security vulnerabilities.
Westpac deserves no credit because some of their online banking features require the use of Internet Explorer, preventing people from using more secure alternative browsers and operating systems.