Millions of Commonwealth Bank NetBank customers are at risk of having their details stolen via the latest phishing email intercepted by MailGuard. This is the second time in the last month that scammers have purported to be the bank, one of Australia’s largest financial institutions, in an attempt to lure unsuspecting victims into providing sensitive data, such as customer account information and credit card details for credential harvesting purposes. Cybercriminals often imitate financial institutions due to their large customer base, trusted name, and the plethora of data at hand.
The subject of the email contains an ‘Electronic Ticket’ number, corresponding to an alert from the customers NetBank account. Although the sender appears to be ‘NetBank’ the email address originates from multiple sources and contains domain names not representative of ones owned by Commonwealth Bank. The senders email address appears to be compromised mailboxes. The body of the email advises the unsuspecting victim that a ‘Financial Statement’ is ready to be accessed, simply by clicking on the link provided. CBA branding is used throughout.
Here’s what the email looks like:
Once the user clicks on the link, they are taken to the following NetBank login page, which requires them to enter their client number and password in order to be able to access the phoney financial statement. The scammers cleverly mimic the actual branding used by CommBank, using sponsorship images, links to online support services and ‘quicklinks’ to other services provided to the NetBank community.
The domain name used throughout the phishing attempt, appears to be an automatically generated one that belongs to another business and is hosted using an IP address controlled by Amazon.
After logging on to their NetBank account, the victim is then taken to the next phishing page, which asks for credit card verification. In addition to branding, details such as a customer contact phone number, security guarantee, privacy policy and credit license number have been provided to feign authenticity and trick the user into believing that the communication is legitimate. The customer is then met with a loading page, advising the user that their ‘data is being processed’ whilst it is in fact being harvested by the scammers.
Finally, a verification page is shown, displaying a message of ‘success’ in the domain name, indicating the end of the phishing process before the user is redirected to a legitimate CommBank website page.
Commonwealth Bank (CBA) advises customers that have concerns about the safety of their accounts to call 13 2221 immediately, and provides the following advice on its website (https://www.commbank.com.au/support/security/sms-phishing-scams.html) for customers concerned about email and SMS scams:
- “Remember, we'll never ask you for your banking information by email or text message
- Stop before you click
- To be safe, always navigate directly to NetBank yourself and log on from the site you know to be genuine, rather than using any links in communications
- Report suspicious emails to hoax@cba.com.au then delete them straight after. Do not reply or engage with them
- Be aware that scams can also come via the telephone with people pretending to be from a reputable organisation who try and gain access to your computer, bank account and money. In this case the best thing you can do is hang up and call on an organisation’s officially listed phone number to verify the communication”
MailGuard urges all recipients of this email to delete it immediately without clicking on any links. Providing your personal details can result in your sensitive information being used for criminal activity and can have a severe impact on your financial well-being.
MailGuard urges users not to click links or open attachments within emails that:
- Are not addressed to you by name.
- Appear to be from a legitimate company but use poor English or omit personal details that a legitimate sender would include.
- Are from businesses that you were not expecting to hear from, and/or
- Take you to a landing page or website that is not the legitimate URL of the company the email is purporting to be sent from.
One email is all that it takes
All that it takes to devastate your business is a cleverly worded email message that can steal sensitive user credentials or disrupt your business operations. If scammers can trick one person in your company into clicking on a malicious link or attachment, they can gain access to your data or inflict damage on your business.
For a few dollars per staff member per month, you can protect your business with MailGuard's predictive and advanced email security. Talk to a solution consultant at MailGuard today about securing your company's network.
Stay up-to-date with MailGuard's latest blog posts by subscribing to free updates. Subscribe to weekly updates by clicking on the button below.
