Emmanuel Marshall 21 November 2017 17:19:56 AEDT 3 MIN READ

CommBank Brandjacked by Cybercriminals


Commonwealth Bank is one of Australia’s best known and most trusted brands, so it’s irresistible to phishing scammers.

Today, criminal-intent emails were detected by MailGuard using CommBank branding to try and trick millions of bank customers into giving up their credit card details.

As with many of the more cleverly designed phishing emails MailGuard intercepts, this scam gets victims to follow a link to a bogus sign-in page. Once the victim enters their personal data, the form asks them for their credit card credentials.

[Screenshot: "Changes made in your NetBank Account" email in Mozilla Thunderbird]

The screenshot above is a sample of the email MailGuard intercepted. Note the authentic-looking branding in the header.

After clicking the link in this email the victim of the scam is sent to a login page, shown below, where they are asked to enter personal login data:

[Screenshot: "NetBank - Logon" page in Mozilla Firefox]

...and then their credit card details:

[Screenshot: "Confirm your identity" page in Mozilla Firefox]

MailGuard successfully intercepted this phishing attack and protected our clients’ inboxes.

If you are not a MailGuard customer and received this scam email, contact our team of cybersecurity experts, on 1300 30 44 30, who will advise you on how to take appropriate action.

Genuine communications from CommBank are not formatted like the scam emails MailGuard has intercepted. Compare the examples shown above with a sample of an authentic CommBank email below:

[Screenshot: actual CBA transactional email]


Brandjackers are cybercriminals who use trusted brand names and logos to lull scam victims into a false sense of security.

Brandjacking is a form of cybercrime that is harmful not only to the victims of this sort of fake email, but also to the companies whose brands the scammers exploit.

CommBank is regularly impacted by scams of this type, so they have set up a customer advice page to help raise awareness of the problem amongst their customers.

On their website CommBank states:

‘There are a number of fraudulent emails currently in circulation claiming to be from the Commonwealth Bank. These emails direct recipients to a fake website that could include a request to participate in a survey, update account details, activate cards, win prizes and money, say you qualify for fee refunds or unlock frozen accounts.
Although these emails may appear genuine, they are fraudulent and should be deleted immediately.
The Commonwealth Bank does not send emails requesting you to confirm, update or disclose your confidential banking information...’

Visit the Commonwealth Bank customer support pages for more information on identifying scam emails.

Protect Your Company's Inboxes:

For a few dollars per staff member per month, add MailGuard's cloud-based email and web filtering protection to your business security. You’ll significantly reduce the risk of new variants of malicious email entering your network. Talk to an expert at MailGuard today about your company's cybersecurity needs.
