Over the past month, a series of scam emails have been sent to Australian Commonwealth Bank customers requesting NetBank login details, credit card and debit card numbers.
Protect yourself from loss, theft and identity crime
Safeguard your personal information from identity thieves. SecureIdentity by Secure Sentinel helps you protect confidential information to prevent your identity from being used for illegal activities.
Features of Secure Identity - with one single call you can:
- Cancel any affected credit cards or other financial cards (including cover from the time they were lost to the time you notified them, until the time they notify your banks etc.
- Arrange replacement cards
- Place a temporary block on your mobile phone that is registered with Secure Identity
- Help you with item details for a police claim or insurance claim
- If you are eligible, you can even receive a cash advance of $1,000 AUD in the case of an emergency
- Organise the safe return of any lost or stolen registered items that were recovered
- Give you help and advice to get through the situation as smoothly as possible with the least amount of stress.
These emails link out to fake clones of the Commonwealth Bank website designed to snap up the personal details of unsuspecting customers. Emails intended to scam personal details are also known as ‘phishing‘.
For starters, no bank or financial provider will ever email you requesting any personal details. In light of the recent emails, a representative from the Commonwealth Bank has stated:
What happens in these phishing emails?
Below are screenshots demonstrating one of the recent NetBank phishing emails:
- This is the what one of the email’s look like in your inbox. From this point, it looks fairly legit and ‘official’.
- Below is what the email looks like when you open in it plain text. Most emails will automatically be opened in plain text by default.
- The first thing odd about the email is that the sender does not refer to the recipient as their full name, but rather their email address.
The second feature of the email is one which may fool even a savvy internet user. When you mouse over a link, it’s true destination is typically shown. However, because the email is opened in a plain format, it cannot register this.
For example, this link says http://www.google.com but actually leads to the Credit Card Finder® homepage.
- However in plain text, the URL preview will show what the text says, which as you can see, is the real netbank.commbank.com.au page.
- See below for what the email looks like in Full HTML.
- If you open the email in HTML, you will see a much more ‘real’ looking email. However, if you mouse-over the URL link, you will see in the URL preview at the bottom of your internet browser that it leads to a bogus website.
What happens if I click through to the fake website?
- If you follow the link, you will be sent to a direct clone of the real NetBank page, where you would typically enter your Client Number and Password.
- Once you enter your details, you’re redirected to a page where you are asked for your debit or credit card information for ‘further verification’.
- Once you enter those details, you are redirected to the official NetBank login page.
- At this point, the scammers now have your NetBank login details as well as your credit/debit numbers.
False details were used to proceed through the steps.
How do people fall for these e-mails?
If people have never encountered or heard of phishing emails in the past, unfortunately some will learn the hard way from their mistakes.
Fortunately, while it can be a violating and scary experience having your personal details and money stolen, if you inform your bank quickly, in most cases you will be hastily reimbursed for your losses.
What happens if I’m positive that the email requesting some sort of private information is official?
Ignore it. If it’s authentic and important, your bank will send you a letter or call you instead.
How can I tell if the letter or call is real then?
Similarly, no letter or call will ask for your personal details to prove your identity or anything along those lines.
Banks rarely contact by phone out of the blue, they will generally only call in reply to a query, question or dispute.
If for any reason you doubt the authenticity of the caller, provide a false answer to a security question as a precaution – if they approve of it, you will know it’s a fraud.
- A list of fake emails with screenshots reported by CBA consumers.
- General identity and personal information security tips from Commonwealth.
- A comparison table of Commonwealth Bank credit cards.