If you’ve visited the login screen above, you may have fallen victim to a new phishing scam MailGuard has discovered.
Although it looks like a real bank login page, it’s actually a phishing site set up by criminals to harvest people’s bank passwords.
Phishing scams like this one are a big growth industry for cybercriminals at the moment. Exploiting people’s trust in big brand trademarks is a useful strategy for fraudsters who want to gain access to sensitive data.
This scam using CommBank’s trademarks is instigated using an email like the one in the screenshot below:
The hackers who sent this email are hoping that the recipient will be unwary enough to click the link to “www.commbank.com.au” which leads to the phishing site.
The message uses phrases like “security system upgrade” and “confirmation code” to try to sound legitimate and lull the victim into a false sense of security.
Once the victim has clicked over to the phishing page and entered their online banking credentials, the criminals who run the scam will have everything they need to log in and clear out the account.
What is "phishing"?
Phishing is the practice of tricking email recipients into revealing personal information that criminals can exploit for gain.
Phishing emails go to a wide group of random people; it’s like a fisherman casting a wide net to see what he can catch. The attackers know that not everyone will respond, but they know that if they send enough emails out somebody will probably take the bait.
A phishing attack message will typically include a link that will send the unwary victim to a fake login website. Once there, the user will be asked to enter username and password data which will be automatically captured by the phishing page.
Scammers use phishing pages to collect login credentials for email accounts, bank accounts, and a wide range of other online services.
In a typical phishing scam, criminals create email templates that look like messages from big companies - like CommBank - and send them out wholesale to millions of recipients. When the scam message shows up in a victim’s inbox, they feel safe opening it because it looks like a legitimate message from a familiar company.
Some commonly used brandjacking formats are fake invoice notifications or requests for account verification.
Defend your inbox
Phishing attacks can be enormously costly and destructive, and new scams are appearing every day. Don’t wait until it happens to your business; take action to protect your company now.
Effective cybersecurity requires a multi-layered strategy. For a few dollars per staff member per month, add MailGuard's predictive email security. You’ll significantly reduce the risk of malicious email entering your network.
Talk to an expert at MailGuard today about your company's cybersecurity needs: 1300 30 44 30