Millions of Commonwealth Bank NetBank customers are at risk of having their details stolen via the latest phishing email intercepted by MailGuard. This is the second time in the last month that scammers have purported to be the bank, one of Australia’s largest financial institutions, in an attempt to lure unsuspecting victims into providing sensitive data, such as customer account information and credit card details for credential harvesting purposes. Cybercriminals often imitate financial institutions due to their large customer base, trusted name, and the plethora of data at hand.
The subject of the email contains an ‘Electronic Ticket’ number, presented as corresponding to an alert from the customer’s NetBank account. Although the sender display name appears to be ‘NetBank’, the email addresses originate from multiple sources and use domain names that are not ones owned by Commonwealth Bank. The sender addresses appear to be compromised mailboxes. The body of the email advises the unsuspecting victim that a ‘Financial Statement’ is ready to be accessed, simply by clicking on the link provided. CBA branding is used throughout.
Here’s what the email looks like:
Once the user clicks on the link, they are taken to the following fake NetBank login page, which requires them to enter their client number and password to access the phoney financial statement. The scammers closely mimic the actual branding used by CommBank, using sponsorship images, links to online support services and ‘quicklinks’ to other services provided to the NetBank community.
The domain name used throughout the phishing attempt appears to be an automatically generated one belonging to another business, hosted on an IP address controlled by Amazon.
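The two indicators the post relies on so far, a ‘NetBank’ display name on a sender domain the bank does not own and a statement link pointing at an unrelated host, can be checked mechanically before a recipient ever sees the message. The following Python triage script is an added example written for this page; it is not MailGuard’s filtering logic or anything from CBA. The sample messages are constructed, `commbank.com.au` is taken from the CBA support link quoted below, and `netbank.com.au` in the allowlist is an assumption that should be replaced with the organisation’s verified domain list.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Domains the bank legitimately sends from and hosts on. commbank.com.au comes
# from the CBA advice URL on this page; netbank.com.au is an assumption for
# the example. Replace with a verified list in real use.
BANK_DOMAINS = {"commbank.com.au", "netbank.com.au"}

# Display-name keywords that signal a message is claiming to be the bank.
BRAND_KEYWORDS = ("netbank", "commbank", "commonwealth bank")

# Constructed sample modelled on the campaign described above (not the real
# intercepted email): brand name in From, non-bank sender domain, an
# 'Electronic Ticket' subject and a link to an unrelated host.
SAMPLE_EMAIL = """\
From: NetBank <accounts@example-compromised-mailbox.com>
To: customer@example.net
Subject: Electronic Ticket 48213: Your Financial Statement is ready
Content-Type: text/html

<html><body>
<p>Your Financial Statement is ready to view.</p>
<p><a href="https://unrelated-business-7f3.example.org/netbank/login">View statement</a></p>
</body></html>
"""

# Constructed control message: brand name in From, but sender domain and
# link host both belong to the bank, so nothing should be flagged.
LEGIT_EMAIL = """\
From: Commonwealth Bank <noreply@commbank.com.au>
To: customer@example.net
Subject: Your statement is available
Content-Type: text/html

<html><body>
<p><a href="https://www.commbank.com.au/netbank/statements">Log on to view</a></p>
</body></html>
"""


def is_bank_host(host):
    """True if host is one of the bank's domains or a subdomain of one.
    Suffix matching on '.' prevents 'commbank.com.au.evil.example' passing."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in BANK_DOMAINS)


def extract_links(html_body):
    """Return every http(s) href found in the HTML body."""
    return re.findall(r'href=["\'](https?://[^"\']+)["\']', html_body, flags=re.I)


def analyse_email(raw):
    """Flag brand impersonation: a bank display name on a non-bank sender
    domain, links to non-bank hosts, and the campaign's subject lure."""
    msg = message_from_string(raw)
    display_name, address = parseaddr(msg.get("From", ""))
    sender_domain = address.rsplit("@", 1)[-1].lower() if "@" in address else ""
    claims_brand = any(k in display_name.lower() for k in BRAND_KEYWORDS)

    findings = []
    if claims_brand and not is_bank_host(sender_domain):
        findings.append(
            f"display name '{display_name}' claims the bank but sender domain is '{sender_domain}'"
        )

    payload = msg.get_payload(decode=True) or b""
    body = payload.decode(msg.get_content_charset() or "utf-8", errors="replace")
    links = extract_links(body)
    for url in links:
        host = urlparse(url).hostname or ""
        if not is_bank_host(host):
            findings.append(f"link to non-bank host '{host}'")

    if re.search(r"\bElectronic Ticket\b", msg.get("Subject", ""), re.I):
        findings.append("subject uses the 'Electronic Ticket' lure seen in this campaign")

    return {
        "sender_domain": sender_domain,
        "claims_brand": claims_brand,
        "links": links,
        "findings": findings,
        "suspicious": bool(findings),
    }


if __name__ == "__main__":
    for label, raw in (("sample", SAMPLE_EMAIL), ("control", LEGIT_EMAIL)):
        result = analyse_email(raw)
        print(label, "suspicious" if result["suspicious"] else "clean")
        for f in result["findings"]:
            print("  -", f)
```

The display-name check is the key one: the message in this campaign passes a casual glance because the name reads ‘NetBank’, and only the address behind it gives it away. The link check catches the landing page described in the next paragraphs, whose host has no relationship to the bank. Both are heuristics layered on top of, not instead of, SPF, DKIM and DMARC evaluation at the gateway.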
After logging on to their NetBank account, the victim is then taken to the next phishing page, which asks for credit card verification. In addition to branding, details such as a customer contact phone number, security guarantee, privacy policy and credit license number have been provided to feign authenticity and trick the user into believing that the communication is legitimate. The customer is then met with a loading page, advising the user that their ‘data is being processed’ whilst it is in fact being harvested by the scammers.
Finally, a verification page is shown, displaying a message of ‘success’ in the domain name, indicating the end of the phishing process before the user is redirected to a legitimate CommBank website page.
Commonwealth Bank (CBA) advises customers that have concerns about the safety of their accounts to call 13 2221 immediately, and provides the following advice on its website (https://www.commbank.com.au/support/security/sms-phishing-scams.html) for customers concerned about email and SMS scams:
MailGuard urges all recipients of this email to delete it immediately without clicking on any links. Providing your personal details can result in your sensitive information being used for criminal activity and can have a severe impact on your financial well-being.
MailGuard urges users not to click links or open attachments within emails that:
One email is all that it takes
All that it takes to devastate your business is a cleverly worded email message that can steal sensitive user credentials or disrupt your business operations. If scammers can trick one person in your company into clicking on a malicious link or attachment, they can gain access to your data or inflict damage on your business.
For a few dollars per staff member per month, you can protect your business with MailGuard's predictive and advanced email security. Talk to a solution consultant at MailGuard today about securing your company's network.