URGENT – Netflix Scam
Beware of Bush Fire SCAMS
Show all

ALERT – Commonwealth Bank SCAM

Exercise caution if you receive an email supposedly from Commonwealth Bank. MailGuard has detected a phishing email scam spoofing the bank is infiltrating inboxes.

First detected on the 29th of November 2019, the emails use various display names, each containing the word ‘CommBank’. They actually originate from multiple senders belonging to different domains that have been created ad-hoc for this scam. The subjects used by the emails also vary.

The body of the email contains a heading titled ‘Activity Confirmation’. It asks you to verify whether you, ‘or other person you trust’ have used your ‘Debit or ATM Card’. A link is provided for you to verify your ‘transaction details’. The email asks whether ‘the transactions listed’ are clear. If the details are clear, users are instructed to call the bank using several telephone numbers. If they are not, users are told to call a separate set of numbers to ‘block’ the ‘compromised card’.

Here is a screenshot of the email:

CommBank 2911 edited

Unsuspecting recipients who click on the link to view ‘transaction details’ are each led to a different ‘bit.ly’ page which redirects to a page using the domain ‘commbonk’. This is a phishing page masquerading as a fake Commonwealth Bank sign-in page.


As always, if you believe that may have been scammed please contact the team at Queensland Business Technologies for assistance.