Australia markets close in 1 hour 8 minutes
  • ALL ORDS

    7,345.20
    +19.00 (+0.26%)
     
  • ASX 200

    7,107.20
    +14.20 (+0.20%)
     
  • AUD/USD

    0.7007
    +0.0032 (+0.46%)
     
  • OIL

    113.70
    -0.50 (-0.44%)
     
  • GOLD

    1,822.60
    +8.60 (+0.47%)
     
  • BTC-AUD

    43,332.54
    -227.51 (-0.52%)
     
  • CMC Crypto 200

    682.46
    +439.78 (+181.22%)
     
  • AUD/EUR

    0.6709
    +0.0029 (+0.43%)
     
  • AUD/NZD

    1.1059
    +0.0013 (+0.12%)
     
  • NZX 50

    11,123.75
    -33.91 (-0.30%)
     
  • NASDAQ

    12,243.58
    -143.82 (-1.16%)
     
  • FTSE

    7,464.80
    +46.65 (+0.63%)
     
  • Dow Jones

    32,223.42
    +26.76 (+0.08%)
     
  • DAX

    13,964.38
    -63.55 (-0.45%)
     
  • Hang Seng

    20,395.66
    +445.45 (+2.23%)
     
  • NIKKEI 225

    26,624.89
    +77.84 (+0.29%)
     

Serious warning for 15 million Commonwealth Bank customers

·3-min read
The exterior of a commonwealth bank building and a copy of the scam email.
Commonwealth Bank customers are being targeted by a phishing scam. (Source: Getty/MailGuard)

Commonwealth Bank (CBA) customers have been warned to be wary if they receive an email claiming that their account has been ‘locked’.

The email warns of a ‘temporary suspension’ that can only be fixed by confirming your account details.

MailGuard warned that the email is likely to be one of the latest phishing scam emails to target Aussies.

With the subject ‘[Alert] Confirm your Netbank account (Case ID #AU 0PPC001701)’, the email sender display name is ‘Commonwealth Bank’ accompanied by an authentic sounding sender email address of ‘customerassist@cba.com.au’.

The actual sender email address is ‘whulk@whulk.com’, however those who don’t take care to look twice, could be forgiven for thinking the email is legitimate, MailGuard said.

The email calls for customers to ‘click on Confirm My Account and Login to your Netbank account...’.

A screenshot of the fake CBA email.
CBA customers have been warned to be wary of this fake CBA email. (Source: MailGuard)

Those who do this would be delivered to an accurate replication of the Netbank login page.

“Of course, the login page is a scam, and once recipients have completed the first phishing page they will have mistakenly provided their Netbank credentials, including their Client number and Password to cybercriminals,” MailGuard said.

“Not satisfied with that information, the next page requests your personal details, including your full name, date of birth, email address and phone number.”

To further feign authenticity, the scam sends a ‘One Time Password’ or OTP code to customers to confirm that they are indeed the owner of the mobile phone number provided.

Having captured your Netbank credentials and your personal details, the scammers continue to request your credit card information, including the card number, expiry date, card PIN, and CVV.

In the final steps of the scam, the cybercriminals behind the ruse send another OTP code, before completing the process.

“Although those behind the scam have gone to great lengths to imitate CBA’s Netbank email communications and Login pages, upon closer inspection, grammatical errors present in the body of the email, as well as the domain address, which is not an official Commonwealth Bank hosted website, are all red flags,” Mailguard said.

MailGuard has urged all recipients of this email to delete it immediately without clicking on any links.

“Providing your personal details can result in your sensitive information being used for criminal activity and can have a severe impact on your business’s financial well-being,” it said.

CBA advises customers that have concerns about the safety of their accounts to call 13 2221 immediately.

CBA said for customers concerned about email and SMS scams:

  • “Remember, we'll never ask you for your banking information by email or text message

  • Stop before you click

  • To be safe, always navigate directly to NetBank yourself and log on from the site you know to be genuine, rather than using any links in communications

  • Report suspicious emails to hoax@cba.com.au then delete them straight after. Do not reply or engage with them

Follow Yahoo Finance on Facebook, LinkedIn, Instagram and Twitter, and subscribe to the free Fully Briefed daily newsletter.

Our goal is to create a safe and engaging place for users to connect over interests and passions. In order to improve our community experience, we are temporarily suspending article commenting