Exercise caution if you receive an email claiming to be from the Commonwealth Bank. The bank has been spoofed by cybercriminals in a phishing email scam that is currently infiltrating inboxes.
MailGuard intercepted the first of these fraudulent emails on Tuesday afternoon (AEST). Using a display name of "Commbank", the emails are titled "You've a new account statement - it includes an important notice". The body of the email appears in plain-text format and advises recipients that they have a new account statement waiting to be opened. A link is included to "read my statement now".
Here is a screenshot of the email:
When unsuspecting victims click on the link, they are taken to a fake ‘NetBank’ login page. Designed to steal users’ confidential information, this page incorporates the branding and logo of Commonwealth Bank in a bid to boost its credibility and get victims to input their details without hesitation. Please refer to the screenshot below:
Despite the fact that cybercriminals went to great lengths to ensure this phishing page looks legitimate, this scam was not as cleverly designed as some of the ones we see here at MailGuard.
For one, the phishing email itself contains formatting and grammatical errors, such as the stray space in the first sentence of the body of the email: “You’v e a new account statement…”. This is an obvious red flag for anyone who is vigilant enough to spot fake email scams.
Secondly, while the subject line used in this email scam is commonly used in legitimate notifications from Commonwealth Bank, account holders would know that the bank would never direct recipients to click on a link to view statements or any other account details. Instead, genuine emails from the bank normally advise recipients to visit the Commonwealth Bank website themselves (without clicking on any links).
As a precaution, we urge you not to click links within emails that:
- Are not addressed to you by name.
- Appear to be from a legitimate company but use poor English or omit personal details that a legitimate sender would include.
- Are from businesses that you were not expecting to hear from.
- Take you to a landing page or website that is not the legitimate URL of the company the email is purporting to be sent from. The Commonwealth Bank login page is: https://www.my.commbank.com.au/netbank/Logon/Logon.aspx
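The last point above is where most of the deception lives: the link text in this email says "read my statement now", but the underlying href can point anywhere, so the check has to be made on the destination, not the visible text. As an added example (not MailGuard's code and not part of the original post), the following Python script checks a link's actual host against the legitimate commbank.com.au domain quoted above. It rejects plain-HTTP links, "user@host" URLs that put the bank's name before an "@" so the real host is hidden, lookalike hosts that merely begin with the bank's domain, and links that only mention the domain in the path. The sample URLs are constructed for illustration; the real phishing URL is not shown on the page.

```python
from __future__ import annotations

from urllib.parse import urlsplit

# Legitimate Commonwealth Bank login page as quoted in this post, and the
# registered domain every genuine link must sit under.
LEGIT_LOGIN_URL = "https://www.my.commbank.com.au/netbank/Logon/Logon.aspx"
LEGIT_DOMAIN = "commbank.com.au"


def check_link(url: str, legit_domain: str = LEGIT_DOMAIN) -> tuple[bool, str]:
    """Return (ok, reason) for the host a browser would really connect to.

    Only the hostname is trusted: the visible link text, the path and any
    'user:pass@' prefix are all attacker-controlled and ignored.
    """
    try:
        parts = urlsplit(url.strip())
    except ValueError:
        return False, "unparseable URL"

    scheme = parts.scheme.lower()
    if scheme != "https":
        # The real login page is served over TLS; http:// or javascript: is wrong.
        return False, f"scheme is {scheme or 'missing'}, not https"

    # urlsplit().hostname already drops the port and anything before '@',
    # and lowercases the result. A trailing dot is the same DNS name.
    host = parts.hostname
    if not host:
        return False, "no hostname"
    host = host.rstrip(".")

    if parts.username is not None:
        # e.g. https://www.my.commbank.com.au@evil.example/ - the bank's name
        # is userinfo; the browser connects to evil.example.
        return False, f"userinfo before '@' hides the real host {host}"

    # Exact domain or a real subdomain only. A host like
    # commbank.com.au.evil.example ends in evil.example and is rejected.
    # Homoglyph hosts (Cyrillic letters, punycode 'xn--') never compare equal.
    if host == legit_domain or host.endswith("." + legit_domain):
        return True, f"host {host} is within {legit_domain}"
    return False, f"host {host} is not within {legit_domain}"


# Constructed sample hrefs, as they might appear behind "read my statement now".
SAMPLE_LINKS = [
    LEGIT_LOGIN_URL,
    "http://www.my.commbank.com.au/netbank/Logon/Logon.aspx",
    "https://www.my.commbank.com.au@netbank-statements.example/Logon.aspx",
    "https://commbank.com.au.netbank-statements.example/Logon.aspx",
    "https://netbank-statements.example/commbank.com.au/Logon.aspx",
    "https://WWW.MY.COMMBANK.COM.AU.:443/netbank/Logon/Logon.aspx",
]


def audit_links(urls: list[str]) -> dict[str, tuple[bool, str]]:
    """Run check_link over a list of hrefs, e.g. those extracted from an email."""
    return {u: check_link(u) for u in urls}


if __name__ == "__main__":
    for url, (ok, reason) in audit_links(SAMPLE_LINKS).items():
        print(f"{'OK  ' if ok else 'BAD '} {url}\n      {reason}")
```

In practice you would feed `audit_links` the href values pulled from the email's HTML (or from the raw text for a plain-text mail like this one) rather than the anchor text, and treat any `BAD` result as a reason not to click. The check is deliberately strict about the scheme and the registered domain rather than trying to enumerate bad patterns, because the lookalike hosts change with every campaign while the legitimate domain does not.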
Commonwealth Bank offers a comprehensive online resource to help identify and report scams purporting to be from them. You can verify the authenticity of any contact you aren’t sure about, or report phishing, by calling 132 221 or emailing them at email@example.com.
Educating staff and employing cloud-based email and web filtering is your first and best line of defence. Complement this multilayered defence with on-premises antivirus, anti-malware and anti-spyware solutions. This will go a long way towards mitigating the risk from a wide range of email scams.
Secure your inbox
Effective cybersecurity requires a multi-layered strategy. For a few dollars per staff member per month, add MailGuard's predictive, cloud-based email and web filtering to your business security. You’ll significantly reduce the risk of malicious emails like the one above, and of new variants of them, entering your network. Talk to an expert at MailGuard today about your company's cybersecurity needs: firstname.lastname@example.org
Keep up to date on the latest email scams by subscribing to MailGuard’s weekly update, or follow us on Twitter @MailGuard.