MailGuard 05 August 2021 16:06:50 AEST 12 MIN READ

Latest Phishing Threat Casts Net Over CBA Customers

Commonwealth NetBanking Clients are the most recent targets of a phishing scam intercepted by MailGuard. Cybercriminals have targeted the NetBank customers of Australia’s largest financial services institution with almost 16 million prospective victims.  

Purporting to be from the Customer Advocacy department of CBA, the phishing attempt aims to secure important identity credentials including the victims full name, date of birth, zip code and contact phone number along with login information for criminal harvesting, which if successful, can lead to a severe negative financial impact for the unsuspecting victim.  

The scammers journey begins with a simple HTML email from customeradvocate@cba.com.au, falsely alerting the unassuming NetBank user of a security warning stemming from an unauthorised login attempt. Spiking the victim’s fear of being locked out of their banking account, the scammer advises the user that their NetBank is locked, luring them into clicking on the phishing link or “More Details” button in order to restore access. In this case, both the subject matter of the email and content has been purposefully crafted to create an urgency for the victim to enter their credentials.  

Netbank-6-01

The user is then taken to the first phishing page below which is hosteby  LinkTree. Upon closeexamination of the web link, a spelling error in “Australia” hints that it may be a scam. 

Netbank-1-01

 

If the recipient clicks on the phishing link or “Log on to NetBank” button, they are taken to the following page that asks for their CBA NetBank client number and password. The scammers have gone to great lengths to impersonate the branding and content of the original CBA Net Bank login page by including an option to install the CommBank App, quicklinks to FAQ’s and a new user registration component.

NetBank - Log on to NetBank - Enjoy simple and secure online banking from Commonwealth Bank — Mozilla Firefox_599

After logging in or entering their client number and password, the victim is taken to the second phishing page which asks for more in-depth information: Full Name, Date of Birth and Phone Number. A clear attempt at harvesting information for criminal activity such as identity theft. Once the victim has entered the required information, they are taken to the next page, which asks for an OTP (One Time Password) that is sent via SMS, assuming that the phishing site is trying to login with the details provided in the previous page. Accurate CBA branding and a link to a recent CBA EOFY article are added to trick the victim.  

NetBank - OTP Code — Mozilla Firefox_601

The final page of the phishing attack notifies the victim that their details have been verified, before taking them back to a legitimate Commonwealth Bank login page. Once again, reference to quicklinks, accurate CBA branding and website hosting have been copied in order to lure the recipient into trusting the authenticity of the request.  

NetBank - Verify Personal Details — Mozilla Firefox_602

Commonwealth Bank (CBA) advises customers that have concerns about the safety of their accounts to call 13 2221 immediately, and provides the following advice on its website (https://www.commbank.com.au/support/security/sms-phishing-scams.html) for customers concerned about email and SMS scams:   

  • Remember, we'll never ask you for your banking information by email or text message 
  • Stop before you click 
  • To be safe, always navigate directly to NetBank yourself and log on from the site you know to be genuine, rather than using any links in communications 
  • Report suspicious emails to hoax@cba.com.au then delete them straight after. Do not reply or engage with them 
  • Be aware that scams can also come via the telephone with people pretending to be from a reputable organisation who try and gain access to your computer, bank account and money. In this case the best thing you can do is hang up and call on an organisation’s officially listed phone number to verify the communication 

MailGuard urges all recipients of this email to delete it immediately without clicking on any links. Providing your personal details can result in your sensitive information being used for criminal activity and can have a severe impact on your financial well-being.  

MailGuard urges users not to click links or open attachments within emails that: 

  • Are not addressed to you by name. 
  • Appear to be from a legitimate company but use poor English, or omit personal details that a legitimate sender would include. 
  • Are from businesses that you were not expecting to hear from, and/or 
  • Take you to a landing page or website that is not the legitimate URL of the company the email is purporting to be sent from.  

  

One email is all that it takes 

All that it takes to devastate your business is a cleverly worded email message that can steal sensitive user credentials or disrupt your business operations. If scammers can trick one person in your company into clicking on a malicious link or attachment, they can gain access to your data or inflict damage on your business. 

For a few dollars per staff member per month, you can protect your business with MailGuard's predictive and advanced email security. Talk to a solution consultant at MailGuard today about securing your company's network. 

Stay up-to-date with MailGuard's latest blog posts by subscribing to free updates. Subscribe to weekly updates by clicking on the button below.

Keep Informed with Weekly Updates