Netbank login scam: Nearly 16 million Commonwealth Bank customers received warning about suspicious email
Commonwealth Bank customers have been warned of a phishing scam email sent to Australian customers claiming their NetBank account had been “temporarily suspended”.
Cloud security company Mailguard first sounded the alarm after detecting a series of suspicious emails.
Mailguard alerted Commonwealth Bank’s 15.9 million customers to a number of questionable email components.
First, the email – with the subject ‘[Alert] Confirm your NetBank account (Case ID #AU 0PPC001701)’ – is apparently sent by a sender whose display name is ‘Commonwealth Bank’ and comes with a genuine-sounding sender email address.
But a closer inspection of the sender of the email would show users that the real sender’s email address is “whulk(at)whulk(dot)com”.
“Busy, distracted recipients who don’t think twice could be forgiven for thinking the email is legitimate,” Mailguard warned.
Anyone who clicked the “Confirm my account” button would be redirected to a web page that looks like the actual NetBank login page, where they are asked to enter their details.
“Of course the login page is a scam,” Mailguard said.
“Once recipients complete the first phishing page, they will have mistakenly provided their NetBank credentials, including their customer number and password, to the cybercriminals.”
It then prompts users to enter their full name, date of birth, email address, and phone number.
The crooks then use a series of “one-time passwords” – or OTP codes – to confirm that the user is the true owner of the provided phone number, before attempting to capture credit card information, including card number, expiration date, card PIN, and CVV.
Mailguard shared a few more red flags in their review of the email phishing scam.
“Those behind the scam went to great lengths to mimic the ABC’s NetBank email communications and login pages,” he said.
“Upon closer examination, grammatical errors present in the body of the email, as well as the domain address, which is not an official website hosted by Commonwealth Bank, are all red flags.”
If you have received this email, it is best to delete it immediately, without clicking on any of the links it contains.
“Providing your personal information may result in your sensitive information being used for criminal purposes and have a serious impact on the financial well-being of your business,” Mailguard said.
Mailguard says you should only interact with emails that address you by name, use correct English, come from a company you expected to hear from, and direct you to a legitimate business’s website.
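The red flags described above (a bank’s name in the display name while the real sender address sits on another domain, links to an unofficial domain, and a generic greeting instead of the customer’s name) can be checked mechanically on an incoming message. The following is an added example, not code from Mailguard or the bank; it assumes `commbank.com.au` is the bank’s only legitimate sending and linking domain, and the sample message it parses is constructed with a placeholder sender domain rather than the one reported.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumption: the bank only sends from, and links to, this domain or its subdomains.
TRUSTED_DOMAINS = {"commbank.com.au"}
BRAND_WORDS = ("commonwealth bank", "commbank", "netbank")


def is_trusted(host):
    """True if host is an official domain or one of its subdomains."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)


def red_flags(raw_message):
    """Return the list of phishing red flags found in a raw RFC 822 message."""
    msg = message_from_string(raw_message)
    flags = []
    display, addr = parseaddr(msg.get("From", ""))
    sender_host = addr.rpartition("@")[2]
    # Display name or subject uses the brand, but the real address is elsewhere.
    claims_brand = any(w in (display + " " + msg.get("Subject", "")).lower() for w in BRAND_WORDS)
    if claims_brand and not is_trusted(sender_host):
        flags.append(f"brand name used but real sender is @{sender_host}")
    # Collect all text parts (a single-part message yields itself from walk()).
    body = ""
    for part in msg.walk():
        if part.get_content_type() in ("text/plain", "text/html"):
            body += part.get_payload(decode=True).decode("utf-8", errors="replace")
    # Every link must point at an official domain.
    for href in re.findall(r'href=["\']([^"\']+)', body, re.I):
        host = urlparse(href).hostname
        if not is_trusted(host):
            flags.append(f"link to unofficial domain {host}")
    # A legitimate bank addresses the customer by name, not "Dear Customer".
    if re.search(r"\bdear\s+(customer|user|client)\b", body, re.I):
        flags.append("generic greeting instead of customer name")
    return flags


# Constructed sample modelled on the reported email; the sender domain is a placeholder.
SAMPLE = """From: "Commonwealth Bank" <alerts@phish-example.invalid>
To: customer@example.org
Subject: [Alert] Confirm your NetBank account (Case ID #AU 0PPC001701)
Content-Type: text/html

<html><body><p>Dear Customer,</p>
<p>Your NetBank account has been temporarily suspended.</p>
<a href="http://netbank-login.phish-example.invalid/confirm">Confirm my account</a>
</body></html>
"""

if __name__ == "__main__":
    for flag in red_flags(SAMPLE):
        print("RED FLAG:", flag)
```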
Commonwealth Bank tips for dealing with fraudulent text messages and emails
- CommBank will never ask you for your banking information by email or SMS
- Stop before you click
- For added security, always go directly to NetBank yourself and log in from the site you know to be genuine, rather than using links in communications.
- Report suspicious emails to firstname.lastname@example.org and delete them immediately afterwards. Do not reply to them or communicate with the senders.
- Be aware that scams can also take place over the phone with people claiming to be from a reputable organization trying to gain access to your computer, bank account, and money. In this case, the best thing to do is to hang up and call an organization’s official phone number to verify the communication.