Debunking email hoaxes and exposing Internet scams since 2003!


Issue 104 - July 2010 - Page 3

Pages in this month's issue:
  1. Two Suns - Star Aderoid Hoax
  2. Deaths From Free Perfume Samples Hoax
  3. Commonwealth Bank Phishing Scam - Online Access Suspended Message
  4. Remus Rudd Hanged Horse Thief Hoax
  5. Muslim Sign in Houston Mall Protest Message - The Martyrdom of Imam Ali
  6. Converted Grain Silo Apartment Photographs
  7. Abduction Alert Message For Eight Year Old Girl From West Valley City Utah
  8. Bill Cosby Write-In Candidate For President In 2012 Hoax
  9. Old Woman and The Smashed Car Window Abduction Warning Hoax
  10. Motorcycle Inside Volkswagen Accident Photographs
  11. Compuserve Database Upgrade Phishing Scam
  12. Free Starlight Cruise For Forwarding Hoax
  13. Facebook Deactivated Account Spam
  14. Rehana 27 From Leicister Hacker Warning Hoax
  15. Apple iPhone and iPad Giveaway Spam on Facebook
  16. Not Able to Deliver UPS Package Malware Email
  17. Emiliano Briones Ronquillo Prayer Request Message
  18. Ashley Flores Missing Child Hoax
  19. Bristol Zoo Car Park Attendant Hoax


Commonwealth Bank Phishing Scam - Online Access Suspended Message

Outline
Email, purporting to be from Australia's Commonwealth Bank, claims that the recipient's online account access has been suspended until he or she verifies identity and account details via a link in the message.



Brief Analysis
The message is not from the Commonwealth Bank. Instead it is a phishing scam sent by Internet criminals and is designed to steal bank account login details and other personal information from bank customers. If you receive this email, or one like it, do not click any links in the message or open any attachments that it may contain.

Detailed analysis and references below example.



Last updated: 10th June 2010
First published: 10th June 2010
Article written by Brett M. Christensen


Example
Subject: Online access suspended

Dear customer,

Your access to netbank online has been temporarily disabled due to multiple login errors. Protecting the privacy of our banking network is our primary concern. Therefore, as a preventive measure, we have suspended your online banking account.

Please verify your identity and restore your access.
Login here.

Important Notice: You are strictly advised to match your details correctly to avoid service denial.

Yours sincerely,
Commonwealth online banking customer service.



Detailed Analysis
This message, which purports to be from the Australian-based financial institution the Commonwealth Bank, claims that the recipient's bank account has been disabled due to multiple login errors. To restore access, the message claims, the account holder must follow a link to log in to his or her online account and provide information to verify his or her identity. According to the message, these measures are designed to protect the privacy and security of the customer.

However, the email is not from the Commonwealth Bank and the claim that the recipient's account has been suspended is a lie designed to fool potential victims into clicking the link in the message and providing personal information. Those who fall for the ruse and click the "Login" link in the email will be taken to a bogus webpage that has been constructed so that it closely mirrors the genuine Commonwealth Bank login page.

If they then dutifully log in on the bogus site, they will be taken to a second page that asks for a large amount of personal information, including answers to the security questions associated with the account, mobile and home phone numbers, address details, driver's licence numbers, and other sensitive personal information. Once victims have provided all the information requested on the bogus web form and clicked the "Continue" button, they will be taken to a third fake webpage that informs them that they have successfully confirmed their information and therefore regained access to their account. As with the initial "login" page, the subsequent fake pages are designed to look like genuine Commonwealth Bank webpages and include the bank's logos, colour scheme, and layout.

The final "confirmation" page also includes a "Continue" button which victims are instructed to click to finish the procedure. This time, however, clicking the link takes the user straight to the genuine Commonwealth Bank website. Thus, victims may not even be aware that they have submitted the information on a fraudulent website, thereby compromising the security of their account and exposing themselves to the risk of identity theft. All information submitted on the bogus website, including the Internet banking login details, can be collected by scammers. This information can then be used to access the victims' real bank accounts, where the scammers can use funds in the account as they see fit and commit other fraudulent activities in the name of the account holder.

Phishing scams of this nature are all too common and, in spite of widespread publicity, they continue to fool people all around the world into handing over their financial and personal information. Legitimate banks and other financial institutions will never send their customers unsolicited, generic emails that request them to click a link to log in and provide personal information. When using Internet banking, always access the bank's website by typing the website address into your browser's address bar. Do not follow links to a login page that are included in an unsolicited email purporting to be from your bank. When logging into your bank's website, always ensure that the page is a secure (https) site. No legitimate bank will ever ask for login or other personal information via an unsecure (http rather than https) webpage. If you are accessing a secure (https) page, a "lock" icon should be displayed in your browser's status bar or in the address field.
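The two checks above (is the link https, and does it actually lead to the bank's own site) can be automated for a mail filter or a triage script. The following is an added example, not part of the original article: the sample HTML is a constructed rendering of the example email with a placeholder link target, and the trusted domain list is an assumption. It also shows why https alone is not enough, since a lookalike host can be served over https.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: domains the recipient treats as the bank's own (not from the article).
TRUSTED_SUFFIXES = ("commbank.com.au",)

# Constructed sample: the article's example email as HTML; the href is a placeholder.
SAMPLE_HTML = """<p>Dear customer,</p>
<p>Your access to netbank online has been temporarily disabled.</p>
<p>Please verify your identity and restore your access.<br>
<a href="http://netbank.example.net/commbank/login.php">Login here</a>.</p>"""

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element in a message body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_is_trusted(host):
    # Match the exact domain or a true subdomain; a bare substring test would
    # accept lookalikes such as commbank.com.au.example.net.
    host = (host or "").lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in TRUSTED_SUFFIXES)

def audit_links(html):
    """Return (href, text, reasons) for each link that fails either check."""
    parser = LinkCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        parts = urlsplit(href)
        checks = [(parts.scheme != "https", "not https"),
                  (not host_is_trusted(parts.hostname), "host is not the bank's domain")]
        reasons = [msg for failed, msg in checks if failed]
        if reasons:
            findings.append((href, text, reasons))
    return findings

if __name__ == "__main__":
    for finding in audit_links(SAMPLE_HTML):
        print(finding)
```

A link that passes both checks is still no reason to click it in an unsolicited message; the script only flags the cases the article warns about.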


References
Phishing Scams - Anti-Phishing Information
Difference Between http & https