MailGuard have identified and successfully blocked an email phishing attack targeting Commonwealth Bank customers.
We have blocked previous variations of this scam targeting Commonwealth Bank customers; however, this one has been identified as a new zero-day variant that is currently circulating, so remain vigilant.
Here is a screenshot of the type of email to watch out for:
As you can see, the email above appears to originate from Commonwealth Bank and alerts the recipient that their online internet banking access has been suspended.
Interestingly, this email also encourages users to “take [their] debit card and driver’s license” to a nearby Commonwealth Bank branch. This is an obvious attempt to build trust with the recipient and convince them that this is legitimate communication from the bank.
Lower down in the email, the sender gives the recipient the option to unsuspend their account online via a cloaked CommBank link.
The destination page is a replica of the official Commonwealth Bank login page; the only difference is the non-legitimate URL in the browser's address bar.
Upon entering their login credentials, the victim has now entered stage one of this phishing scam.
They are then prompted to enter their Commonwealth Bank security questions and answers, a measure the bank applies when "performing certain risky activities with NetBank". The victim is also required to enter an additional point of identity verification (their driver's licence) to complete a 100 point identification check.
At this point, the cybercriminal has access to the following information:
- Commonwealth Bank account
- Additional points of authentication (the security Q&As and driver's licence) that can be used to fraudulently gain access to related accounts that rely on the same verification details.
As a precaution, we urge you not to click links within emails that:
- Are not addressed to you by name.
- Appear to be from a legitimate company but use poor English, or omit personal details that a legitimate sender would include.
- Are from businesses that you were not expecting to hear from.
- Take you to a landing page or website that is not the legitimate URL of the company the email is purporting to be sent from. The Commonwealth Bank login page is: https://www.my.commbank.com.au/netbank/Logon/Logon.aspx
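As an added example (not MailGuard's code), here is a check for the "cloaked" link pattern described above: it parses the `<a>` elements of an HTML email and flags any link that mentions the bank in its visible text or URL but whose host is not commbank.com.au or a subdomain of it. The sample email and the lookalike host commbank.com.au.example.net are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Legitimate NetBank logon URL quoted on this page; every link that looks
# like a bank link must point at this registrable domain or a subdomain.
LEGIT_LOGON = "https://www.my.commbank.com.au/netbank/Logon/Logon.aspx"
LEGIT_DOMAIN = "commbank.com.au"
BANK_WORDS = ("commbank", "commonwealth", "netbank")

class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from the <a> elements of an email."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def is_legit_host(host):
    """True only for commbank.com.au itself or a subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return host == LEGIT_DOMAIN or host.endswith("." + LEGIT_DOMAIN)

def cloaked_links(html):
    """Return (visible text, href) for links that mention the bank but point elsewhere."""
    parser = LinkCollector()
    parser.feed(html)
    flagged = []
    for href, text in parser.links:
        mentions_bank = any(w in (href + " " + text).lower() for w in BANK_WORDS)
        if mentions_bank and not is_legit_host(urlparse(href).hostname):
            flagged.append((text, href))
    return flagged

# Constructed sample: the first link displays the real logon URL as its text
# but sends the reader to a lookalike host; the second link is genuine.
SAMPLE_EMAIL = (
    f'<p>Unsuspend at <a href="http://commbank.com.au.example.net/Logon">{LEGIT_LOGON}</a></p>'
    f'<p>Or visit <a href="{LEGIT_LOGON}">NetBank</a></p>'
)
```

Running `cloaked_links(SAMPLE_EMAIL)` returns only the first link, since its displayed text is the genuine logon URL while its target host is not under commbank.com.au.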
Commonwealth Bank offers a comprehensive online resource to help identify and report scams purporting to be from them. You can verify the authenticity of any contact you aren’t sure about, or report phishing, by calling 132 221 or emailing them at firstname.lastname@example.org.
Educating staff and employing cloud-based email and web filtering is your first and best line of defence. Complement this multilayered defence with on-premise antivirus, anti-malware and anti-spyware solutions. This will go a long way towards mitigating the risk from a wide range of email scams.
Keep up to date on the latest email scams by subscribing to MailGuard’s weekly update or follow us on social media.