Annamaria Montagnese, 13 May 2016 18:02:19 AEST

Fast-Breaking Attack: Large Scale CBA Email Scam Strikes On Friday The 13th

An unusually high number of emails carrying a fast-breaking Commonwealth Bank email scam have been intercepted this afternoon.

The scam has struck thousands of businesses on Friday the 13th, and the harvested credentials may open other avenues of attack.

Here is a sample of the phishing email:

[Screenshot: the Commbank scam email, 13 May 2016]

The email advises the recipient that they have received a new statement with an important notice.

Clicking the link takes users to a fake Commbank login portal.

[Screenshot: the fake Commbank login portal, 13 May 2016]

Once signed in, another fake page is presented advising customers that they have ‘already read this statement’.

[Screenshot: the second fake landing page, 13 May 2016]

As seen in the image above, the .gov.bz domain belongs to the Government of Belize. The fact that the cyber criminals were able to add 'www.commonwealth.com.au' to the left of the mrd.gov.bz domain indicates that the spammers gained control of a government-level domain name and added their own DNS records. This is called 'domain shadowing' (http://defintel.com/blog/index.php/tag/domain-shadowing).
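To automate the "hover over the link and check where it really goes" check, here is an added Python example (not MailGuard's code) that extracts the registrable domain from a link's hostname and flags a link when a bank's domain labels appear to the left of a different registered domain, as with the mrd.gov.bz link above. The short suffix list, the protected brand list and the sample URLs are constructed assumptions; a real tool would load the full Public Suffix List.

```python
from urllib.parse import urlparse

# Constructed subset of the Public Suffix List (https://publicsuffix.org/);
# "gov.bz" and "com.au" are real entries, the set is trimmed for the example.
PUBLIC_SUFFIXES = {"com", "net", "au", "com.au", "bz", "gov.bz"}

# Assumed list of brand domains a defender wants to protect. commbank.com.au is
# the bank's real domain; commonwealth.com.au is the label used in the scam.
PROTECTED_BRANDS = {"commbank.com.au", "commonwealth.com.au"}


def registrable_domain(hostname: str) -> str:
    """Return the registrable domain of a hostname: the longest matching
    public suffix plus the one label immediately to its left."""
    labels = hostname.lower().strip(".").split(".")
    # Candidates get shorter as i grows, so the first hit is the longest suffix.
    for i in range(len(labels)):
        if ".".join(labels[i:]) in PUBLIC_SUFFIXES:
            return ".".join(labels[max(i - 1, 0):])
    return ".".join(labels[-2:])  # unknown suffix: fall back to last two labels


def shadowed_brand(url: str):
    """Return (brand, actual_domain) when a protected brand's domain appears
    inside the hostname but the link really belongs to another registrable
    domain (the shadowing pattern above); return None for genuine links."""
    host = (urlparse(url).hostname or "").lower()
    actual = registrable_domain(host)
    if actual in PROTECTED_BRANDS:
        return None  # the link genuinely resolves under the brand's own domain
    padded = f".{host}."  # match whole labels only, not substrings of labels
    for brand in sorted(PROTECTED_BRANDS):
        if f".{brand}." in padded:
            return brand, actual
    return None


if __name__ == "__main__":
    # Constructed URLs: the first mirrors the scam's hostname from the page.
    for link in ("http://www.commonwealth.com.au.mrd.gov.bz/netbank/login",
                 "https://www.commbank.com.au/"):
        print(link, "->", shadowed_brand(link))
```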

The users are then redirected to the real Commbank landing page.

[Screenshot: the real Commbank landing page reached after the redirect, 13 May 2016]

First to stop new attacks, MailGuard is consistently between 2 and 48 hours ahead of the market in preventing fast-breaking attacks. Most on-premise or hybrid anti-virus vendors require software updates across multiple instances, which can take hours or even days, leaving clients vulnerable.

Beware of emails that: 

  • Contain grammatical or branding errors but purport to be from reputable organisations, particularly when you weren’t expecting them.
  • Are not addressed to you personally.
  • Always hover your mouse over the links contained in emails to check their legitimacy – don’t click them unless you are sure they are safe.
  • To be completely safe, type the URL into your browser or use a Google search to find the actual website before entering your credentials.
  • Be particularly wary of emails asking you to supply personal details that the purported organisation should already know, especially those which ask for credit card or bank account details.

If you are unsure whether an email is legitimate, contact the bank directly before filling in any details online or clicking links contained within the email. Adding a cloud-based email filtering solution will prevent scams like these phishing emails from reaching your inbox and getting in front of your team.

Keep up to date on the latest email scams by subscribing to MailGuard’s weekly update or follow us on social media.
