Commonwealth Bank customers have been warned to be vigilant as a convincing new email scam has been doing the rounds, attempting to trick people into handing over some of their hard-earned cash.
Email security firm MailGuard issued a warning on the scam this week. “Exercise caution if you receive an email supposedly from Commonwealth Bank – the bank has been spoofed via a new multi-staged phishing email scam,” MailGuard said.
“The hallmark of this scam lies in not only how well-crafted it is, but how it ironically utilises multiple safety features to steal confidential data of users.
MailGuard said it had been made aware of a fraudulent email that intends to trick people into thinking that irregular activity has been detected on their account and their account has been restricted and encourages them to click a link to “restore access”.
According to the email security firm, the links lead to a fake version of the Commonwealth Bank website, then prompting customers to hand over their banking information.
Users are then led to another page titled ‘verify your identity’ – the page asks users for their credit card details.
After entering their credit card details, users are led to a third fake page which ask users to go through two-factor authentication by sending a ‘NetCode’ to their mobile phone.
“Once users have submitted their NetCode, they are finally led to the last page of the scam. This page displays an ‘error message’ on top, informing users that their NetCode ‘has expired’,” MailGuard said.
“This sole purpose of this elaborate phishing scam is to harvest the login credentials of Commonwealth Bank customers so the criminals behind this scam can break into their bank accounts.
“As you can see from all the screenshots above, cybercriminals have attempted to replicate official landing pages from Commonwealth Bank – including incorporating the bank’s branding and logo. All this is done in an attempt to trick the users into thinking the scam is legitimate.”
It comes after a report revealed that Aussies are set to be conned out of a record amount to scams in 2019 as losses are forecasted to exceed $532 million by the end of the year. The Australian Competition and Consumer Commission (ACCC) urged consumers to brush up on their scam knowledge in a bid to stop devious scammers.
“Many people are confident they would never fall for a scam but often it’s this sense of confidence that scammers target,” ACCC Deputy Chair Delia Rickard said. “People need to update their idea of what a scam is so that we are less vulnerable. Scammers are professional businesses dedicated to ripping us off. They have call centres with convincing scripts, staff training programs, and corporate performance indicators their ‘employees’ need to meet.”
Investment scams are one of the most financially devastating, the ACCC warned, with almost half of all investment scams reported this year resulting in financial loss. Meanwhile, cryptocurrency investment scams have seen record losses, with people losing $14.76 million between January and July 2019.
The ACCC also advised people to exercise caution when using the internet, as many scammers use social media platforms, fake celebrity endorsements or fake online trading platforms that are made to look legitimate in a bid to get you to part with your hard-earned cash. Meanwhile, Rickard also offered some tips to stay protected, adding: “Don’t be persuaded by celebrity endorsements or ‘not to be missed’ opportunities. You never know for certain who you’re dealing with or whether they’re credible.