Commonwealth Bank customers have been alerted to a phishing email doing the rounds that tells potential victims their account has been “locked” and warns of “temporary suspension” until they confirm their account details.
Security firm MailGuard detected a series of suspicious emails and text messages and alerted Commonwealth Bank’s 15.9 million customers.
“Although those behind the scam have gone to great lengths to imitate CBA’s Netbank email communications and Login pages, upon closer inspection, grammatical errors present in the body of the email, as well as the domain address, which is not an official Commonwealth Bank hosted website, are all red flags,” MailGuard said.
“MailGuard urges all recipients of this email to delete it immediately without clicking on any links. Providing your personal details can result in your sensitive information being used for criminal activity and can have a severe impact on your business’s financial well-being.”
The email features the subject line ‘[Alert] Confirm your Netbank account (Case ID #AU 0PPC001701)’, accompanied by a legitimate-sounding email address, and displays the name Commonwealth Bank.
The email prompts customers to ‘click on Confirm My Account and Login to your Netbank account’, and those who do so are delivered to an accurate copy of the real Netbank login page. The login page is a scam, and once customers have completed the first page they will have handed their Netbank details, including their Client number and Password, to the scammers.
The scammers also request personal details, including full name, date of birth, email address and phone number. The scam then sends a One Time Password (OTP) code to customers to confirm that they are the owner of the mobile phone number provided. The scammers go on to request credit card information, including the Card Number, Expiry Date, Card PIN, and CVV. In the final steps of the scam, the cybercriminals send another OTP code before completing the process.
Commonwealth Bank issued a statement on its social media warning customers to be aware of the suspicious email on January 31.
“We’re aware of a circulating SMS and email scam that’s attempting to get customers to download an app or provide their personal information. If you received this message, please delete it straight away. If you clicked a link and entered personal information and/or installed an app as a result of receiving this message, please DM our team for assistance,” the statement said.
According to the latest data from Scamwatch, Australians lost a reported $211 million to scams in 2021. Aussies aged 65 years and older were the hardest hit by scams in 2021, losing $49.1 million and accounting for 23 per cent of the total losses for the year.