The e-mail, which falsely claims to be from Westpac, is a replica of a page from the bank's Web site which provides information on making donations to the Australian Paralympians, who need to raise AU$2 million to fund their visit to Athens this year.
It includes details of how to make a donation in person, by phone, or via a credit card. However, the link for credit card donations does not go to the official Australian Paralympic Committee donation site. Instead, the credit card link is designed to divert to a site which mimics the appearance of the APC site, but which is actually hosted in Romania.
Fortunately for the Paralympic movement, the phishers made a critical mistake. Due to a coding error in which a large number of blank spaces have been inserted in the fake URL, the address actually fails to resolve. Despite the error, the appeal to charitable instincts suggests that phishers -- often said to be linked to organised crime -- aren't slowing down their attempts to harvest credit card details and other financial information.
Westpac has been the target of numerous phishing scams in recent months, but a spokesperson recently told ZDNet Australia that customers had become more alert to the problem. All Australia's major banks now have an official policy of never requesting information from customers via e-mail.