Commonwealth Bank Phishing Scam - Online Access Suspended Message
Outline Email, purporting to be from Australia's Commonwealth Bank, claims that the recipient's online account access has been suspended until he or she verifies identity and account details via a link in the message.
The message is not from the Commonwealth Bank. Instead it is a phishing scam sent by Internet criminals and is designed to steal bank account login details and other personal information from bank customers. If you receive this email, or one like it, do not click any links in the message or open any attachments that it may contain.
Your online banking has been temporarily suspended, due to 3 unsuccessful login attempt on your account.
To uplift this suspension, Please click the option Below and enter your personal information correctly.
Failure to complete all information as requested might lead to permanent deactivation of your online banking.
Products issued by Commonwealth Bank Australian
Subject: Online access suspended
Your access to netbank online has been temporarily disabled due to multiple login errors. Protecting the privacy of our banking network is our primary concern. Therefore, as a preventive measure, we have suspended your online banking account.
Please verify your identity and restore your access.
Important Notice: You are strictly advised to match your details correctly to avoid service denial.
This message, which purports to be from Australian based financial institution, the Commonwealth Bank, claims that the recipient's bank account has been disabled due to multiple login errors. To restore access, the message claims, the account-holder must follow a link to login to his or her online account and provide information to verify his or her identity. According to the message these measures are designed to protect the privacy and security of the customer.
However, the email is not from the Commonwealth Bank and the claim that the recipient's account has been suspended is a lie designed to fool potential victims into clicking the link in the message and providing personal information. Those who fall for the ruse and click the "Login" link in the email will be taken to a bogus webpage that has been constructed so that it closely mirrors the genuine Commonwealth Bank login page.
If they then dutifully login on the bogus site, they will be taken to a second page that asks for a large amount of personal information, including answers to the security questions associated with the account, mobile and home phone numbers, address details, driver's licence numbers, and other sensitive personal information. Once victims have provided all the information requested on the bogus web form, and clicked the "Continue" button, they will be taken to a third fake webpage that informs them that they have successfully confirmed their information and therefore regained access to their account. As with the initial "login" page, the subsequent fake pages are designed to look like genuine Commonwealth Bank webpages and include the bank's logos, colour scheme, and layout.
The final "confirmation" page also includes a "Continue" button which victims are instructed to click on to finish the procedure. This time, however, clicking the link takes the user straight to the genuine Commonwealth Bank website. Thus, victims may not even be aware that have submitted the information on a fraudulent website thereby compromising the security of their account and exposing themselves to the risk of identity theft. All information submitted on the bogus website, including the Internet banking login details can be collected by scammers. This information can then be used to access the victims' real bank account, where the scammers can use funds in the account as they see fit and commit other fraudulent activities in the name of the account holder.
Phishing scams of this nature are all too common and, in spite of widespread publicity, they continue to fool people all around the world into handing over their financial and personal information. Legitimate banks and other financial institutions will never send their customers unsolicited, generic emails that request them to click a link to login and provide personal information. When using Internet banking, always access the bank's website by typing the website address into your browser's address bar. Do not follow links to a login page that are included in an unsolicited email purporting to be from your bank. When logging into your bank's website, always ensure that the page is a secure (https) site. No legitimate bank will ever ask for login or other personal information via an unsecure (http rather than https) webpage. If you are accessing a secure (https) page, a "lock" icon should be displayed in your browser's status bar or in the address field.