Monday, December 9, 2019

Commonwealth Bank SCAM Alert

SCAM ALERT:
Watch out for this phishing scam from 'Commbonk'. The scam starts as an email using various display names, each containing the word ‘CommBank’. Unsuspecting recipients who click on the link to view ‘transaction details’ are each led to a different page which redirects to a page using the domain 'commbonk'. According to the security company MailGuard, this is a phishing page masquerading as the Commonwealth Bank sign-in page. Don't click on the link; delete the email immediately.

[Image] Commonwealth Bank impersonated in phishing scam; email asks users to confirm card ‘activity’

The hallmark of this scam lies in its ability to trick users by ironically using a security alert. Verifying irregular transaction activity is a common practice of well-established banks like Commonwealth, and it is this focus on security that the cybercriminals behind this scam leverage. Here are some of the specific techniques they’ve incorporated to trick recipients:
  • use of a major brand name to inspire false trust; using the supposed ‘Commonwealth’ display name boosts the email's credibility,
  • inclusion of ‘Helplines’ typically expected of a well-established bank, such as bank support numbers for local and overseas locations in the email and support links on the phishing page, and
  • false urgency; a subject line such as ‘Action Required’ and a signature supposedly from 'Commonwealth Bank of Australia Fraud Security Support' create a sense of panic and anxiety.
Despite these techniques to fool users into thinking the email is authentic, eagle-eyed recipients will spot red flags that point to its illegitimacy, the biggest being that the link doesn't actually point to Commonwealth Bank. Besides this, the email also contains spacing errors and grammatical mistakes such as ‘are all transactions listed above clear for you?’.
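As an added illustration (not from the original alert or from MailGuard), here is a small Python check that scores a raw email for the red flags listed above: a display name that claims the brand while the sender address does not, an urgency cue in the subject line, and links whose host is not the bank's own domain, including one-letter look-alikes such as 'commbonk'. The legitimate domain, the urgency cue list and the sample message are assumptions constructed for this example.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

BRAND = "commbank"
LEGIT_DOMAINS = ("commbank.com.au",)  # assumption: the bank's genuine web domain
URGENCY_CUES = ("action required", "urgent", "suspended", "verify now")
HREF_RE = re.compile(r'href=["\']?(https?://[^\s"\'>]+)', re.I)
# Constructed sample modelled on the message described above (not a real email).
SAMPLE_EMAIL = """From: CommBank Fraud Security Support <alerts@example.net>
Subject: Action Required: confirm your recent card activity
Content-Type: text/html

<a href="https://login.commbonk.com/verify">View transaction details</a>
"""

def edit_distance(a, b):
    # Levenshtein distance: a single substitution turns 'commbank' into 'commbonk'.
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def is_legit(host):
    # Exact match or a subdomain only; 'commbank.com.au.evil.example' must not pass.
    host = host.lower()
    return any(host == d or host.endswith("." + d) for d in LEGIT_DOMAINS)

def analyse(raw):
    # Returns the list of red flags found in one raw, single-part message.
    msg = message_from_string(raw)
    flags = []
    display, addr = parseaddr(msg.get("From", ""))
    sender_host = addr.rpartition("@")[2]
    if BRAND in display.lower().replace(" ", "") and not is_legit(sender_host):
        flags.append(f"display name '{display}' claims the brand, sender is {sender_host}")
    if any(cue in msg.get("Subject", "").lower() for cue in URGENCY_CUES):
        flags.append("urgency cue in subject line")
    body = msg.get_payload() if not msg.is_multipart() else ""
    for url in HREF_RE.findall(body):
        host = urlparse(url).hostname or ""
        if is_legit(host):
            continue  # link really goes to the bank; nothing to report
        flags.append(f"link points off-brand: {host}")
        for label in host.split("."):
            if label != BRAND and edit_distance(label, BRAND) <= 1:
                flags.append(f"look-alike label '{label}' is one edit from '{BRAND}'")
    return flags
```

Running `analyse(SAMPLE_EMAIL)` reports all four flags for the constructed message; a genuine notice whose links stay on the bank's own domain and whose subject carries no urgency cue returns an empty list.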
This is another reminder for those who use online banking to pay close attention to the emails they receive from their banks. To best protect yourself, do not click any link contained within an email, especially if it does not address you by name (as in the scam above). Instead, type the bank's website URL into your browser or use the official banking app.
As banks have been a major target for scammers, they have also been working hard to distinguish their legitimate correspondence from the ‘fakes’ and to educate their customers on best security practices. This is also why legitimate correspondence from your bank won't contain links to its website; banks will instead ask you to enter the address into your browser manually. If you are ever unsure whether it is genuinely your bank trying to reach you, simply contact them directly to confirm.
