Commonwealth Bank customers are targeted in a phishing scam that relies on bogus emails entitled something like “eStatement for December 2013 is ready.”
“Email notification to let you know that your online statements for December is ready for viewing. Online statements are fast, free, and always available. They never get lost in the mail or misplaced. Plus, online statements save paper and trees,” the emails read
“Just log on to NetBank and you’ll have access to up to seven years of statements whenever and wherever you’d like. The number of statements and notices you see will depend on your account. Your eStatements are ready.”
The emails are well designed and they could be mistaken for legitimate communications from Commonwealth Bank by users who aren’t cautious.
Hoax Slayer reports that the fake messages contain a link which appears to point to an eStatement, but in reality, it leads users to a phishing website.
On the malicious website, which closely mimics the legitimate Commonwealth login page, victims are asked to provide various pieces of information – including username, password, email address, date of birth and contact details – in order to confirm their account.
Once the information is handed over, victims are redirected to the genuine Commonwealth website, most likely in an effort to avoid raising any suspicion.
If you come across such emails, don’t rush to click on the links they contain without reviewing them a bit, regardless of how urgent the matter sounds. The sender of such emails can be easily forged, but if the links they contain don’t point to the genuine Commonwealth website, which uses an HTTPS connection, you’re likely dealing with a scam.
If you’re already a victim of this scheme, change your password and contact the bank. Also, if you’ve provided your email address, your inbox will likely be bombarded with other malicious emails.