Serious warning for 15 million Commonwealth Bank customers
Commonwealth Bank (CBA) customers have been warned to be wary if they receive an email claiming that their account has been ‘locked’.
The email warns of a ‘temporary suspension’ that can only be fixed by confirming your account details.
MailGuard warned that the email is likely to be one of the latest phishing scam emails to target Aussies.
With the subject ‘[Alert] Confirm your Netbank account (Case ID #AU 0PPC001701)’, the email sender display name is ‘Commonwealth Bank’ accompanied by an authentic-sounding sender email address of ‘customerassist@cba.com.au’.
The actual sender email address is ‘whulk@whulk.com’; however, those who don’t take care to look twice could be forgiven for thinking the email is legitimate, MailGuard said.
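The mismatch described above, between the address shown in the display name and the actual sender, can be checked mechanically by a mail filter. The following is an added example, not code from MailGuard or CBA; the From header layout, the trusted-domain list and the brand terms are assumptions constructed for illustration.

```python
import re
from email.utils import parseaddr

# Assumption: domain genuine bank mail is expected from (the article shows cba.com.au).
TRUSTED_DOMAINS = {"cba.com.au"}
# Assumption: brand words a filter would watch for in the display name.
BRAND_TERMS = ("commonwealth bank", "netbank")

EMAIL_IN_TEXT = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")

def domain_of(address):
    """Lower-cased domain part of an address, or '' if there is none."""
    return address.rsplit("@", 1)[-1].lower() if "@" in address else ""

def is_trusted(domain):
    """True for a trusted domain or one of its subdomains."""
    return any(domain == d or domain.endswith("." + d) for d in TRUSTED_DOMAINS)

def check_from_header(from_header):
    """Return the reasons a From header looks like display-name spoofing."""
    display, address = parseaddr(from_header)
    real_domain = domain_of(address)
    findings = []
    # 1. An address embedded in the display name that is not the real sender.
    for match in EMAIL_IN_TEXT.finditer(display):
        shown = match.group(0).lower()
        if shown != address.lower():
            findings.append(f"display name shows {shown} but sender is {address}")
    # 2. Brand wording in the display name, sender outside the trusted domains.
    if any(t in display.lower() for t in BRAND_TERMS) and not is_trusted(real_domain):
        findings.append(
            f"brand name in display name but sender domain is {real_domain or 'missing'}"
        )
    return findings

# Constructed sample headers (the exact header of the real email is not published).
SPOOFED = '"Commonwealth Bank <customerassist@cba.com.au>" <whulk@whulk.com>'
CONSISTENT = "Commonwealth Bank <customerassist@cba.com.au>"

if __name__ == "__main__":
    for header in (SPOOFED, CONSISTENT):
        print(header, "->", check_from_header(header) or "no findings")
```

This only tests whether the From header is internally consistent; the From address itself can also be forged, which is what SPF, DKIM and DMARC checks are for.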
The email calls for customers to ‘click on Confirm My Account and Login to your Netbank account...’.
Those who do this would be delivered to an accurate replication of the Netbank login page.
“Of course, the login page is a scam, and once recipients have completed the first phishing page they will have mistakenly provided their Netbank credentials, including their Client number and Password to cybercriminals,” MailGuard said.
“Not satisfied with that information, the next page requests your personal details, including your full name, date of birth, email address and phone number.”
To further feign authenticity, the scam sends a ‘One Time Password’ or OTP code to customers to confirm that they are indeed the owner of the mobile phone number provided.
Having captured your Netbank credentials and your personal details, the scammers continue to request your credit card information, including the card number, expiry date, card PIN, and CVV.
In the final steps of the scam, the cybercriminals behind the ruse send another OTP code, before completing the process.
“Although those behind the scam have gone to great lengths to imitate CBA’s Netbank email communications and Login pages, upon closer inspection, grammatical errors present in the body of the email, as well as the domain address, which is not an official Commonwealth Bank hosted website, are all red flags,” MailGuard said.
MailGuard has urged all recipients of this email to delete it immediately without clicking on any links.
“Providing your personal details can result in your sensitive information being used for criminal activity and can have a severe impact on your business’s financial well-being,” it said.
CBA advises customers who have concerns about the safety of their accounts to call 13 2221 immediately.
For customers concerned about email and SMS scams, CBA said:
“Remember, we'll never ask you for your banking information by email or text message.
Stop before you click.
To be safe, always navigate directly to NetBank yourself and log on from the site you know to be genuine, rather than using any links in communications.
Report suspicious emails to hoax@cba.com.au then delete them straight after. Do not reply or engage with them.”