Debunking email hoaxes and exposing Internet scams since 2003!








Commonwealth Bank Phishing Scam Emails

Summary:
Emails purporting to be from Australia's Commonwealth Bank claim that the recipient needs to click a link to log on to his or her account in order to update information or rectify specified problems with the account (Full commentary below).



Status:
Messages are not from the Commonwealth Bank. They are phishing scams designed to steal financial information.

Example: (Received May, June 2009)
Example 1:
Dear member:

We have recently updated our Online system to include new layer secure authentication. This is intended to provide you with the best security possible when accessing your account.
You will need to update your account in order to continue using your card.

Commonwealth Home (Link Removed)

Your ticket code is LTK1134615X.
We apologize for any inconvenience this may cause and appreciate your patience and understanding.

Member ID 78728

Example 2:

Dear Valued Customer,

This email is your official notification from Commonwealth Bank.
Your NetBank service has expired on 31 May 2009. If you want to continue using our service you have to update your NetBank account. If you do not update your profile, your Netbank account will be deactivated and deleted.

Please notice that your Credit card, Debit MasterCard or Keycard issued by Commonwealth Bank will be disabled untill you verify your online service due to security of your payments.

To renew your online account, Please click the link below:

Link Removed

Example 3:
You have 1 new message
Please login to your Commonwealth Bank of Australia Netbank and visit the Message Center section in order to read the message.

To Login, please click the link below:

Commonwealth Bank Netbank (Link Removed)

Example 4:
Dear Commonwealth Bank customer,

We recently have determined that different computers have logged onto your Online Banking account, and multiple password failures were present before the logons.

We now need you to re-confirm your account information to us.

If this is not completed by June 1, 2009, we will be forced to suspend your account indefinitely, as it may have been used for fraudulent purposes. We thank you for your cooperation in this manner.

To confirm your Online Banking records click on the following link:
[Link Removed]

Thank you for your patience in this matter,
Commonwealth Bank Customer Service

Please do not reply to this e-mail as this is only a notification. Mail sent to this address cannot be answered.




Commentary:
Leading Australian bank, the Commonwealth Bank, has recently been the target of an ongoing scam campaign by Internet criminals.

Many people have received emails purporting to be from the Commonwealth Bank that ask them to click a link, ostensibly to log on to their online banking account. Although they may look quite authentic - some even include seemingly official bank logos and secondary links - the messages are not from the Commonwealth Bank. Instead, they are scam emails designed to trick recipients into providing their private financial information to Internet criminals.

Those who click the links included in the scam emails will be taken to a bogus website designed to resemble the genuine Commonwealth Bank login page. If victims log in on the fake website, they may then be asked to provide financial information such as credit card details. The criminals running the scam are able to capture all information provided by the victim, including the online banking username and password. Once they have obtained this information, the criminals can then access the victim's real Commonwealth Bank account, transfer and manipulate funds, and use the account and other financial information provided for various fraudulent activities.

The scammers use a variety of ruses designed to trick users into following the links in their scam emails. In some they claim that the account has been or will be suspended. Other emails claim that the customer's online bank access has expired. Still others claim that the online banking system has been updated. And some simply state that an important message for the customer is waiting for them online. All such claims are false and are intended solely to fool victims into clicking the links and providing information on the fake websites operated by the scammers.

The Commonwealth Bank will never send emails asking customers to update or disclose confidential banking information. The bank has published a warning about these scam emails on its website. Internet users should be very cautious of any email purporting to be from a bank or other financial institution that asks them to click a link to log in to their account and provide information. Phishing is one of the most common types of Internet fraud and many people around the world fall victim to it every day.
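The traits described in the commentary above can be checked mechanically by a mail filter or help desk. The following Python sketch is an added example, not part of the original write-up: it tags which of the four ruses a message uses and lists links that do not lead to the bank. The trusted host list, the function names and the sample message are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: hosts the bank really uses; maintain this from the bank's own site.
TRUSTED_HOSTS = {"commbank.com.au"}
# The four ruses named in the commentary, as simple patterns.
LURES = {
    "suspension": re.compile(r"suspend|deactivat|disabled", re.I),
    "expiry": re.compile(r"\bexpired?\b|\brenew", re.I),
    "system_update": re.compile(r"updated our|update your (account|profile)", re.I),
    "waiting_message": re.compile(r"new message|message cent(er|re)", re.I),
}

class LinkCollector(HTMLParser):
    """Collects [href, visible text] pairs and the plain text of an HTML email."""
    def __init__(self):
        super().__init__()
        self.links, self.text, self._href = [], [], None
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self.links.append([self._href, ""])
    def handle_endtag(self, tag):
        if tag == "a":
            self._href = None
    def handle_data(self, data):
        self.text.append(data)
        if self._href is not None:
            self.links[-1][1] += data

def is_trusted(host):
    # Exact match or a true subdomain; a missing host (relative link) is untrusted.
    host = (host or "").lower().rstrip(".")
    return any(host == t or host.endswith("." + t) for t in TRUSTED_HOSTS)

def triage(html_body):
    parser = LinkCollector()
    parser.feed(html_body)
    body = " ".join(parser.text)
    lures = sorted(name for name, rx in LURES.items() if rx.search(body))
    bad = [href for href, _ in parser.links if not is_trusted(urlsplit(href).hostname)]
    names_bank = bool(re.search(r"commonwealth bank|netbank", body, re.I))
    return {"lures": lures, "untrusted_links": bad,
            "suspicious": names_bank and bool(bad) and bool(lures)}

# Constructed sample modelled on Example 2; the link host is a placeholder.
SAMPLE = ('<p>Your NetBank service has expired on 31 May 2009. Your card will be '
          'disabled until you verify.</p>'
          '<a href="http://netbank-update.example.invalid/login">Commonwealth Bank NetBank</a>')
```

A message is flagged only when it names the bank, uses at least one of the ruses and carries a link to a host outside the trusted list, which keeps ordinary bank mail with genuine links from being marked.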

Read more about phishing scams




References:
Commonwealth Bank - Latest email scams
Phishing Scams - Anti-Phishing Information

Last updated: 2nd June 2009
First published: 2nd June 2009

Write-up by Brett M. Christensen