Caution: this CommBank email is a fake

Posted by Emmanuel Marshall on 02 August 2018 10:44:57 AEST

If you’ve visited the login screen above, you may have fallen victim to a new phishing scam MailGuard has discovered.

Although it looks like a real bank login page, it’s actually a phishing site set up by criminals to harvest people’s bank passwords.

Phishing scams like this one are a big growth industry for cybercriminals at the moment. Exploiting people’s trust in big brand trademarks is a useful strategy for fraudsters who want to gain access to sensitive data.

This scam, which uses CommBank’s trademarks, begins with an email like the one in the screenshot below:

[Screenshot: 180802-commbank1]

The hackers who sent this email are hoping that the recipient will be unwary enough to click the link to “www.commbank.com.au” which leads to the phishing site.

The message uses phrases like “security system upgrade” and “confirmation code” to try to sound legitimate and lull the victim into a false sense of security.

Once the victim has clicked over to the phishing page and entered their online banking credentials, the criminals who run the scam will have everything they need to log in and clear out the account.

 

What is "phishing"?


Phishing is the practice of tricking email recipients into revealing personal information that criminals can exploit for gain. 

Phishing emails go to a wide group of random people; it’s like a fisherman casting a wide net to see what he can catch. The attackers know that not everyone will respond, but they know that if they send enough emails out somebody will probably take the bait.

A phishing attack message will typically include a link that will send the unwary victim to a fake login website. Once there, the user will be asked to enter username and password data which will be automatically captured by the phishing page.

Scammers use phishing pages to collect login credentials for email accounts, bank accounts, and a wide range of other online services. 

In a typical phishing scam criminals create email templates that look like messages from big companies - like CommBank - and send them out wholesale to millions of recipients. When the scam message shows up in a victim’s inbox they feel safe opening it because it looks like a legitimate message from a familiar company.

Some commonly used brandjacking formats are fake invoice notifications or requests for account verification.

  

Defend your inbox


Phishing attacks can be enormously costly and destructive, and new scams are appearing every day. Don’t wait until it happens to your business; take action to protect your company, now.

Effective cybersecurity requires a multi-layered strategy. For a few dollars per staff member per month, add MailGuard's predictive email security. You’ll significantly reduce the risk of malicious email entering your network. 
Talk to an expert at MailGuard today about your company's cybersecurity needs: 1300 30 44 30


Topics: Phishing Commonwealth Bank Commbank brandjacking Threat Update bank scam
