An urgent warning has been issued to Commonwealth Bank customers as an email scam hits thousands of Australian inboxes.
The scam email, which contains the word 'CommBank', asks users to confirm card activity and to verify whether they, 'or other person you trust', have used their 'debit or ATM card'.
Anti-virus software company Mailguard said unsuspecting recipients who click on the link to view 'transaction details' are each led to a different page which redirects to a page using the domain 'CommBonk'.
"This is a phishing page masquerading as a fake Commonwealth Bank sign-in page," the alert states.
"The email asks whether 'the transactions listed' are clear. If the details are clear, users are instructed to call the bank using several telephone numbers. If they are not, users are told to call a separate set of numbers to 'block' the 'compromised card'."
NSW Police has also issued a warning, urging people not to click on the link and to delete the email immediately.
Mailguard said the hallmark of this scam lies in its ability to trick users by, ironically, using a security alert.
"Verifying irregular transaction activity is a common trait of well-established banks like Commonwealth and it's this focus on security that cyber criminals behind this scam leverage on," the alert states.
The specific techniques the scammers have incorporated to trick recipients are:
- Use of a major brand name to inspire false trust; the usage of the supposed 'Commonwealth' display name boosts the email's credibility;
- Inclusion of 'helplines' typically expected of a well-established bank, such as bank support numbers for local and overseas locations in the email and support links in the phishing page; and
- False urgency; a subject line such as 'Action Required' and a signature supposedly from 'Commonwealth Bank of Australia Fraud Security Support' create a sense of panic and anxiety.
If you have been the victim of a scam, or to report one, contact the Australian Competition and Consumer Commission via its Scamwatch page.
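For mail administrators, the indicators described above (a bank display name on a non-bank sender, an 'Action Required' subject, and a redirect landing on a 'CommBonk' look-alike host) can be checked mechanically. The sketch below is an added example, not code from Mailguard or this article. It assumes `commbank.com.au` as the allow-listed domain, an edit-distance threshold of 2, and that `observed_urls` holds redirect targets logged by a mail gateway or proxy; the `.example` hosts are constructed.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

LEGIT = "commbank.com.au"              # assumption: allow-listed bank domain
BRAND_WORDS = ("commbank", "commonwealth")
URGENT_SUBJECTS = ("action required",)  # subject line quoted in the alert

def edit_distance(a, b):
    # Levenshtein distance, computed one row at a time.
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def is_legit(host):
    return host == LEGIT or host.endswith("." + LEGIT)

def is_lookalike(host):
    # Host outside the allow-list with a label within 2 edits of 'commbank'.
    return not is_legit(host) and any(
        edit_distance(label, "commbank") <= 2 for label in host.split("."))

def findings(raw_email, observed_urls=()):
    # Return the list of indicators that fire for one message.
    msg = message_from_string(raw_email)
    name, addr = parseaddr(msg.get("From", ""))
    sender_host = addr.rpartition("@")[2].lower()
    out = []
    if any(w in name.lower() for w in BRAND_WORDS) and not is_legit(sender_host):
        out.append("brand-display-name-mismatch")
    if any(s in msg.get("Subject", "").lower() for s in URGENT_SUBJECTS):
        out.append("urgent-subject")
    urls = re.findall(r"https?://[^\s\"'<>]+", msg.get_payload()) + list(observed_urls)
    for url in urls:
        host = (urlsplit(url).hostname or "").lower()
        if is_lookalike(host):
            out.append("lookalike-domain:" + host)
    return out

# Constructed sample message and redirect target (not taken from the real campaign).
SAMPLE = ('From: "Commonwealth Bank" <alerts@mail-notify.example>\n'
          'Subject: Action Required\n\n'
          'View transaction details: http://track.redirector.example/t/1\n')
SAMPLE_REDIRECTS = ["http://commbonk.example/signin"]
```

The subject check alone is noisy, because genuine bank mail also uses urgent wording; treat it as a supporting signal next to the display-name and look-alike checks.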