
New Commonwealth Bank scam has left nearly 16 MILLION Australians at risk

New scam that replicates the security features of a real bank website has left nearly 16 MILLION Australians at risk

  • Australians have been told to look out for an elaborate new email phishing scam
  • Fraudulent alert redirects user to landing page that appears to be the real thing 
  • Scam tells Commonwealth customers to give banking details to restore access 
  • Ruse ironically purports to use two-factor authentication during the process 
  • But it is simply a mechanism to harvest customers’ data and hack their accounts

Australians have been warned about an elaborate new scam that is so sophisticated it even replicates the security features of a real bank website.

The intricate email scam targeting the country’s 15.9 million Commonwealth Bank customers tells recipients ‘irregular activity’ has been detected on their account.

The fraudulent alert redirects the user to a landing page that appears to be the real thing – but is in fact simply a way for the scammers to harvest their data.


Email filtering service MailGuard said it first detected the scam on Tuesday.

‘The hallmark of this scam lies in not only how well-crafted it is, but how it ironically utilises multiple safety features to steal confidential data of users,’ the MailGuard alert reads.

It added that each email masqueraded under the display name ‘Commonwealth Bank of Australia’.

The warning explained that those who click through to the fake home page are told to submit their client number and password, before then ‘verifying their identity’.

That step involves entering their card’s number, expiry date and card security code. 

Unsuspecting customers are finally taken through a fake two-factor authentication process where they are told to generate a new ‘NetCode.’


But they are then told that code has expired and they need to click ‘Get NetCode’ again.

‘The sole purpose of this elaborate phishing scam is to harvest the login credentials of Commonwealth Bank customers so criminals behind this scam can break into their bank accounts,’ MailGuard said. 

The filtering service has urged customers to be on the lookout for the multi-staged email scam and to report any suspicious emails to Commonwealth Bank.  

In response to the scam, Commonwealth has issued a statement urging its customers to stay away from the fake alert.

‘Some customers have reported receiving a phishing email with the subject line “Your Commonwealth Bank account is temporarily restricted”,’ the statement said.

‘This email is not a genuine CBA communication. Please do not click the link or reply to the sender.’


Read more at DailyMail.co.uk

