15 January 2015 21:17:00 AEDT

MailGuard Breaking IT News: New Online Banking Scam

The very latest in fast-breaking phishing scams could cost CommBank customers if they aren't careful. The phishing email purports to be from CommBank, telling ‘customers’ that their statement is available for viewing, along with other important information. The email is sent from clients@commbank.com.au.

It asks recipients to click a ‘VIEW STATEMENT NOW’ button.

[Image: the phishing email]

Once the link is clicked, recipients are taken to what appears to be the legitimate CommBank website. As you can see in the screenshot below, the web address is not the legitimate CommBank website URL, www.commbank.com.au. You may also note the irony of the links on the page, which point to articles about protecting clients online, privacy, security and malware. These could be used to lull you into a false sense of security.

[Screenshot: first page]

Phishing scams such as these are alarming because they immediately ask for your online banking login details, putting access to your account in the hands of the scammers. Not only does the website require you to enter your online banking credentials, you are then taken to another web page which asks for other NetBank account details. These include your credit card number, expiration date and CVV number.

[Screenshot: second page]

Finally, recipients are redirected to the legitimate CommBank website by clicking the ‘Home’ button, none the wiser that they have just been conned and had their personal banking details stolen.

[Screenshot: third page (cropped)]

This is a timely reminder of how sophisticated phishing scams can be. While many of us conduct our banking online, we need to remember that most banks do not send emails and links asking clients to confirm or adjust banking details. If you do receive one of these emails, delete it immediately, and under no circumstances fill out any personal information on this page or on any other suspicious-looking site.

If ever you are unsure, the best way to protect yourself is to not click on any links or attachments contained within an email. Instead, you should always log in to your online banking from your secure web browser. Some banks may also have extra security such as security tokens. Again, if in doubt, don’t click suspicious links, and contact your bank directly.

Putting in place a multilayered defence program, including desktop anti-virus, anti-malware, anti-spyware, and cloud-based email and web filtering services, will also help to ensure that you are protected from receiving scam emails and from the malicious or phishing links contained within them.

Being educated and remaining vigilant are just two ways you can protect yourself, your identity and your hard-earned cash. For more tips on identifying fake emails, take a look at our blog post “Don’t Click That! Your Guide To Cyber-attacks And Tips For Being Cyber Safe Within Your Business”.