Commonwealth Bank customers have been warned of a ‘red flag’ phishing scam email stealing their Netbank details


A whopping 15 million Australians are told to check their emails and bank accounts to make sure they haven’t fallen victim to yet another sophisticated scam.

A whopping 15.9 million Australians have been warned to look out for an email that could lead to their bank details being stolen.

Late last week, MailGuard warned that Commonwealth Bank (CBA) customers had received phishing emails trying to trick them into giving up their usernames and passwords.

The scammers’ message appears to be from the CBA, so much so that MailGuard said in a statement that “busy, distracted recipients who don’t bother to think twice could be forgiven for thinking the email is legitimate”.

MailGuard works to block such emails so that they never reach users’ inboxes.

The cybercriminal tricks customers into giving up their banking information on the pretext that their account is “temporarily locked” or “suspended.”

A box appears for entering your login details – when in reality you would be giving this personal information directly to the scammer.

The subject line of the email is ‘[Alert] Confirm your Netbank account (Case ID #AU 0PPC001701)’.

Convincingly, the sender’s name appears as “Commonwealth Bank” and is accompanied by a genuine-sounding sender email address of “[email protected]”.

The actual sender email address is ‘[email protected]’.

The email itself reads: “We are unable to confirm (sic) your account information.

“As a result, your account has been temporarily locked.

“All services related to your account have (sic) been suspended pending a resolution. Please provide your details as soon as possible.”

If the victim of the scam clicked on the “confirm my account” hyperlink, they would then be redirected to a screen prompting them to provide their Netbank credentials, including customer number and password, to the cybercriminals.

The next page then asks for more personal details, including your full name, date of birth, email address and phone number.

It gets worse. The third landing page takes you to another set of prompts where you provide your credit card details, including expiration date, CVC, and card PIN.

“Of course the login page is a scam,” MailGuard said.

MailGuard pointed out that in another attempt to “feign authenticity”, the online criminal sends a “one-time password” or OTP code to customers’ mobile phones pretending they are confirming the number provided.

“Although those behind the scam went to great lengths to mimic the CBA’s Netbank email communications and login pages, upon closer inspection grammatical errors present in the body of the email, as well as the domain address, which is not an official Commonwealth Bank hosted website, are all red flags,” MailGuard concluded.
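The red flags described above (a bank display name on a non-bank sender address, links to a non-bank domain, and account-lock pressure wording) can be checked mechanically. The following Python sketch is an added example, not MailGuard's or the bank's code; the list of trusted bank domains and the sample message, including its sender address and link, are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumption: domains the bank really uses; confirm against the bank's own guidance.
TRUSTED_DOMAINS = {"commbank.com.au", "cba.com.au"}
BRAND_WORDS = ("commonwealth bank", "commbank", "netbank")
URGENCY = ("temporarily locked", "suspended", "confirm your")

# Constructed sample: subject and wording follow the article, addresses are placeholders.
SAMPLE = """From: "Commonwealth Bank" <alerts@mail.example.net>
Subject: [Alert] Confirm your Netbank account (Case ID #AU 0PPC001701)

We are unable to confirm your account information.
As a result, your account has been temporarily locked.
Confirm my account: http://login.example.org/netbank
"""

def is_trusted(host):
    """True only for a trusted domain or a subdomain of one (not a look-alike prefix)."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)

def red_flags(raw_message):
    """Return the reasons a raw RFC 5322 message looks like bank impersonation."""
    msg = message_from_string(raw_message)
    display, addr = parseaddr(msg.get("From", ""))
    sender_host = addr.rpartition("@")[2]
    body = "".join(p.get_payload() for p in msg.walk() if not p.is_multipart())
    text = (msg.get("Subject", "") + " " + body).lower()
    claims_brand = any(w in display.lower() + " " + text for w in BRAND_WORDS)
    flags = []
    # Display name or content claims the bank, but the real address is elsewhere.
    if claims_brand and not is_trusted(sender_host):
        flags.append(f"bank name used but sender domain is {sender_host!r}")
    # Every link in a bank-branded mail should resolve to a bank-owned host.
    for url in re.findall(r"https?://[^\s\"'<>]+", body):
        host = urlparse(url).hostname
        if claims_brand and not is_trusted(host):
            flags.append(f"link points to non-bank host {host!r}")
    if any(u in text for u in URGENCY):
        flags.append("account-lock or suspension pressure wording")
    return flags

if __name__ == "__main__":
    for reason in red_flags(SAMPLE):
        print("RED FLAG:", reason)
```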

Similar scams, in which a scammer posed as the bank, targeted CBA customers in August and September.

MailGuard said that, given that the CBA serves 15.9 million customers, it is an “attractive target” for online criminals.

Users are urged not to click on any links and to delete the email immediately.

A report could also be made to ScamWatch.
