Daniel Graziano 01 December 2015 16:59:27 AEDT 4 MIN READ

Commonwealth Bank ‘New Statement’ Online Phishing Scam

Commonwealth Bank customers are currently the target of yet another online phishing scam purporting to be from the big four bank.

This attack comes only a week after MailGuard successfully identified and blocked another CommBank email phishing scam. This threat forms part of a new zero day spam campaign leaving internet banking customers vulnerable to identity theft.

Here is a screenshot of one variation we have observed:  

commonwealth-bank-phishing-email-scam.jpg

As you can see, the purported sender is Commonwealth. The sender attempts to alert the recipient of a ‘new statement and important message available to view’.

This particular variation quotes the last four digits of an online bank account to further convince the recipient that this is legitimate brand communication. Many account holders do not know the last four digits of their own account number, and so may not notice that the digits shown are wrong.

We have previously observed this technique used by scammers impersonating Commonwealth Bank brand communication. Cyber criminals use syntax spinners to dynamically generate email content and distribute thousands of unique variations, bypassing content filters that rely on matching a fixed message.

The recipient is encouraged to view their statement online via the yellow and black ‘view statement now’ button or the ‘now available’ hyperlinked text.

commonwealth-bank-phishing-landing-page-fraud.jpg

Upon clicking either link, the user arrives on the above login page. Whilst the cyber criminals have made a more realistic attempt at replicating a legitimate login URL than in previous online banking scams we have reported on, a vigilant user will still identify this as a scam simply by noting the fraudulent domain in the website address field.

This destination page is a replica of the official CommBank internet banking login page.

Submitting your login credentials into the provided form directs you to a landing page asking you to “confirm your NetBank account details”.

commonwealth-bank-fraud-identity-theft.jpg

The victim is prompted to enter verification information including their date of birth and credit card details. The target is promised access to their online statement, but instead forfeits their private information on submission.

Let’s take a look at what this scammer now has access to:

  • Your Commonwealth Bank internet banking account.
  • The full debit/credit card details you just disclosed.
  • Verification information (first and last name, date of birth) that can be used to bypass authentication processes and gain access to related services.

As a precaution, we urge you to delete any emails that match the following how-to-prevent-phishing checklist, that is, emails which:

  • Appear to be from a legitimate company, but are not addressed to you by name/are written in poor English.
  • Request personal information that the purported sender should already have access to.
  • Use fear as a form of urgency. The subject of this email enforces immediate action, “Important message available to view”. Email scams are often distributed with an urgent call to action. This is a cyber criminal’s attempt to use fear to convince the user to act quickly.
  • Require you to click a link in the email body to verify your identity. Banks are aware that cyber criminals attempt to trick users into accessing compromised websites via social engineering techniques, like hyperlinks and cloaked buttons within the email body. Your bank will always instruct you to go to their website directly. Enter the legitimate URL into your website address field as a precautionary security measure.
  • Mouse over any links to see where they will take you before you click. Pay close attention to the URL the purported sender uses. If it takes you somewhere you don't recognise, then it's something to treat as suspicious.
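The checklist above can be applied mechanically to an incoming message. The following is an added example (not MailGuard's code or tooling): it parses a constructed sample modelled on the scam described in this post, with placeholder sender and link domains, and reports which checklist items it trips. The allow-list of legitimate bank domains is an assumption for the example.

```python
import re
from email import message_from_string
from email.policy import default
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample modelled on the scam above; all domains are placeholders.
SAMPLE_EML = """\
From: Commonwealth Bank <alerts@example-notify.test>
To: customer@example.org
Subject: Important message available to view
Content-Type: text/html; charset="utf-8"

<html><body><p>Dear Customer,</p>
<p>Your new statement and important message is
<a href="https://netbank-login.example-fraud.test/secure">now available</a>.</p>
<p><a href="https://netbank-login.example-fraud.test/secure">View statement now</a></p>
</body></html>
"""

LEGIT_DOMAINS = {"commbank.com.au", "cba.com.au"}  # assumed allow-list
BRAND_WORDS = ("commonwealth", "commbank", "netbank")
URGENCY_WORDS = ("important", "immediately", "urgent", "suspended")

class _LinkCollector(HTMLParser):
    """Collect href targets so the real destination, not the link text, is checked."""
    def __init__(self):
        super().__init__()
        self.links = []
    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href") if tag == "a" else None
        if href:
            self.links.append(href)

def _is_legit(host):
    host = (host or "").lower()
    return any(host == d or host.endswith("." + d) for d in LEGIT_DOMAINS)

def check_email(raw):
    """Return the checklist items the message trips (empty list = none found)."""
    msg = message_from_string(raw, policy=default)
    sender = msg["From"].addresses[0]
    findings = []
    if any(w in sender.display_name.lower() for w in BRAND_WORDS) and not _is_legit(sender.domain):
        findings.append(f"brand in display name but sender domain is {sender.domain}")
    body = msg.get_body(preferencelist=("html", "plain"))
    html = body.get_content() if body else ""
    if re.search(r"dear (customer|user|member)", html, re.I):
        findings.append("generic greeting, not addressed by name")
    if any(w in msg["Subject"].lower() for w in URGENCY_WORDS):
        findings.append("urgency wording in subject")
    collector = _LinkCollector()
    collector.feed(html)
    bad_hosts = {urlparse(h).hostname for h in collector.links if not _is_legit(urlparse(h).hostname)}
    if bad_hosts:
        findings.append("link points to non-bank domain " + ", ".join(sorted(bad_hosts)))
    return findings
```

Running `check_email(SAMPLE_EML)` reports all four indicators (spoofed display name, generic greeting, urgency wording, off-brand link target); the same message with a genuine sender domain, link domain and personal greeting reports nothing.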

How to report a scam:

Commonwealth Bank offers a detailed online resource to help identify and report scams purporting to be from them. You can verify the authenticity of any contact you aren’t sure about, or report phishing, by calling 132 221 or emailing them at hoax@cba.com.au.

Educating staff and employing cloud-based email and web filtering is your first and best line of defence. Complement this multilayered defence with on-premises antivirus, anti-malware and anti-spyware solutions. This will go a long way towards mitigating the risk from a wide range of email scams.


Keep up to date on the latest email scams by subscribing to MailGuard’s weekly update or follow us on social media.
