Foxy, I think the moral of the story is that you could have happily done as you wished, safe in the knowledge that Westpac's excellent security team would protect you.

CH, I agree with you about the invasion of partisan political sniping.

Jayb et al, good advice about emails. In this case the message came on a text and the lady properly identified herself as well as identifying transactions I had made. Unless the bank itself has been compromised, in which case I can't do much except wait anyway, I think it's reasonable to accept it as legitimate.

I do suggest using PayPal, but also take advantage of the offer from the banks of two-step security on transactions, so that no transaction will be cleared without you entering a security code contained in an SMS sent to your nominated mobile phone number.

On the whole, I'm actually more, rather than less confident in transacting online after this experience.

A number of correspondents say they use Paypal which is a good move, but be aware that there have been numerous attempts by nefarious organisations to send out phishing emails under the guise of Paypal with authentic looking logos etc., in an attempt to get your account number and password. I have had at least half a dozen.

Make sure any emails you receive address you by name and have the padlock or https in the address bar if you click on any link. Better still don't click on a link just go into your individual browser and start from scratch.

On the subject of email security, always delete all the previous email addresses before forwarding them on or use Bcc. That exhortation to circulate something because "some kid is dying or wants to break a record of some sort" is only a method to prey on your conscience in order to vacuum up all the email addresses with an embedded tracking device.