Exercise caution if you receive an email claiming to be from the Commonwealth Bank, today.
A scam email - shown in the screenshot above - has been detected by MailGuard, urging recipients to “log on to Netbank” by clicking on a link.
The scam message has been quite well designed, with forged Commonwealth Bank trademarks, but there is a tell-tale error in the message text; “to confirm your NetBank account, you are to sign on before April 1st May, 2018.”
Small mistakes like this are often the only obvious indication that a message like this is actually a scam.
Also useful in identifying scam messages are the suspicious sender names and addresses. This scam is originating from a range of senders including:
- From: "Commonwealth Bank of Australia" <firstname.lastname@example.org>
- From: "Commonwealth Bank of Australia" <email@example.com>
- From: "Commonwealth Bank of Australia" <firstname.lastname@example.org>
- From: "Commonwealth Bank of Australia" <email@example.com>
- From: "Commonwealth Bank of Australia" <firstname.lastname@example.org>
- From: "Commonwealth Bank of Australia" <email@example.com>
- From: "Commonwealth Bank of Australia" <firstname.lastname@example.org>
- From: "Commonwealth Bank of Australia" <email@example.com>
Clicking on the link in this message takes the scam victim to a fake Comm-Bank login page:
This phishing page will harvest the victim’s bank login details, enabling the cybercriminals behind this scam to illegally gain access to their account.
MailGuard has protected our customer’s inboxes from this scam, but if you are not a MailGuard client you should keep an eye out for this phishing attack.
Help us alert people to this scam by sharing our Tweet with your network:
#ZERODAY #FASTBREAK We've blocked a HTML email #brandjacking @CommBank, links to a well crafted #phishing site asking for your login and NetCode details. Sender name is: Commonwealth Bank of Australia. More details to be published on the #MailGuard blog: https://t.co/H3CJHt7R4e pic.twitter.com/hThyoXZB3z— MailGuard (@MailGuard) April 30, 2018
Cybercriminals use simple scam emails to infiltrate organisations with malware and attack them from the inside. All criminals need to break into your business is a cleverly worded email. If they can trick one person in your company into clicking on a malicious link they can gain access to your data.
For a few dollars per staff member per month, you can protect your business with MailGuard's predictive email security.
Talk to an expert at MailGuard today about making your company's network secure: click here.
Stay up-to-date with new posts on the MailGuard Blog by subscribing to free updates. Click on the button below: