Coding error thwarts Paralympic phishing scam

Australians have been targeted by a phishing email claiming to accept donations for the Paralympic team - but it fails to work because of a mistake in the code.

A new phishing email aimed at diverting donations to the Australian Paralympic Team has emerged -- complete with a coding error which means that the cold-hearted scam is unlikely to work.

The email, which falsely claims to be from Westpac, is a replica of a page from the bank's Web site which provides information on making donations to the Australian Paralympians, who need to raise AU$2m to fund their visit to Athens this year.

It includes details of how to make a donation in person, by phone, or via a credit card. However, the link for credit card donations does not go to the official Australian Paralympic Committee donation site. Instead, the credit card link is designed to divert to a site which mimics the appearance of the APC site, but which is actually hosted in Romania.

Fortunately for the Paralympic movement, the phishers made a critical mistake. Due to a coding error in which a large number of blank spaces have been inserted in the fake URL, the address actually fails to resolve. Despite the error, the appeal to charitable instincts suggests that phishers -- often said to be linked to organised crime -- aren't slowing down their attempts to harvest credit card details and other financial information.

Westpac has been the target of numerous phishing scams in recent months, but a spokesperson recently told ZDNet Australia that customers had become more alert to the problem. All of Australia's major banks now have an official policy of never requesting information from customers via email.

ZDNet Australia's Angus Kidman reported from Sydney.