Debunking hoaxes and exposing scams since 2003!

Hoax-Slayer Logo

Commonwealth Bank 'eStatement Ready' Phishing ScamE


Message purporting to be from Australia's Commonwealth Bank advises the recipient that an online account statement is ready for viewing.

© alexandragl

Brief Analysis

The email is not from the Commonwealth Bank. It is a phishing scam designed to steal bank account login details and other personal information.


Subject: eStatement for December 2013 is ready
From:  Commonwealth - NetBank 

Email notification to let you know that your online statements for December is ready for viewing.

Online statements are fast, free, and always available. They never get lost in the mail or misplaced.

Plus, online statements save paper and trees.

Just log on to NetBank and you’ll have access to up to seven years of statements whenever and wherever you’d like.

The number of statements and notices you see will depend on your account.

Your eStatements are ready.

This is an automated message do not reply
Commonwealth Bank of Australia

Comonwealth Bank eStatements Phishing Scam

Detailed Analysis

According to this email, which purports to be from Australia's Commonwealth Bank, online statements for December are ready for viewing. Recipients are urged to click a link labelled "Your eStatements are ready" in order to gain access to the documents.

However, the email is not from the Commonwealth Bank. Instead, it is a phishing scam designed to trick users into divulging their account login details and other information. Those who click the link in the email will be taken to a fake website that very closely mirrors the appearance of the genuine Commonwealth Bank login page. Once they have "logged in" on the fake page, users will then be asked to provide their email username and password, their date of birth, and their contact details, ostensibly to confirm their account.

After submitting this information, users will be automatically redirected to the genuine Commonwealth Bank website.

Meanwhile, the criminals operating the scam can use the stolen information to hijack the bank accounts belonging to their victims. They can also take control of their email accounts and use them to engage in further spam and scam campaigns in the name of their victims.

The scammers know that many modern banks do offer customers online versions of their banking statements and may send out email notifications when such statements are ready. However, banks will not generally instruct users to follow a direct login link to view statements.

Note also that are another version of the scam is targeting Westpac customers. Other Australian banks may also be targeted.

Phishing is a very common scam. Be wary of any email that asks you to click a link to login and provide account information, regardless of the reason given. It is always safest to access your online accounts by entering the address into your browser's address bar rather than by clicking a link in the message.

Last updated: January 9, 2014
First published: January 9, 2014
By Brett M. Christensen
About Hoax-Slayer

Westpac Phishng Scam Warning
Phishing Scams - Anti-Phishing Information