Today I came across a phish. Nothing new there, but it was targeted at one of Australia’s biggest banks, Commonwealth Bank. The phish claims to be from the Commonwealth Bank, and looks like this:
Your Online banking account has been locked
To Login, please click the link below:
The link goes to a page which looks very much like Commonwealth Bank’s page (with genuine links to “Netbank centre” and “Forgotten client number”).
This again highlights the need for users of Internet banking websites to stay alert at all times when accessing their accounts. Fraudulent emails like this one are on the rise and some simple steps can keep you safe. Some tips are:
1. Look at the sender information – This phish came from the sender
Commonwealth Bank of Australia<firstname.lastname@example.org>.
There is an obvious typo there in “@commonweahtl.com”.
2. Read up on your financial institution’s policy with regards to sending/requesting personal banking information.
3. Look at the links – This phish asks the user to log into their online bank account. I have purposely obfuscated the phishing link used in this blog post; however, it is clearly different from the link available directly from the real Commonwealth Bank website.
Some other samples seen are:
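Tip 1 can also be automated on a mail gateway. The sketch below is an added example, not part of the original post: it compares the domain in a From header against an allowlist and flags near-miss spellings such as “commonweahtl”. The allowlist, the brand words and the local parts of the sample addresses are assumptions constructed for the illustration.

```python
from email.utils import parseaddr

# Assumed allowlist and brand words; adjust for the institution being protected.
TRUSTED_DOMAINS = {"commbank.com.au"}
BRAND_WORDS = {"commonwealth", "commbank", "netbank"}


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # deletion
                           cur[j - 1] + 1,             # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        prev = cur
    return prev[-1]


def classify_sender(from_header: str) -> str:
    """Return 'trusted', 'lookalike', 'brand-mismatch' or 'unrelated'."""
    display, addr = parseaddr(from_header)
    domain = addr.rpartition("@")[2].lower().rstrip(".")
    if domain in TRUSTED_DOMAINS or any(
            domain.endswith("." + d) for d in TRUSTED_DOMAINS):
        return "trusted"
    labels = domain.split(".")
    # A label one or two edits away from a brand word is a typo-squat candidate.
    for label in labels:
        if any(1 <= edit_distance(label, b) <= 2 for b in BRAND_WORDS):
            return "lookalike"
    # The brand appears in the display name or domain, but the domain is not ours.
    claimed = display.lower() + " " + " ".join(labels)
    if any(b in claimed for b in BRAND_WORDS):
        return "brand-mismatch"
    return "unrelated"


if __name__ == "__main__":
    # Constructed sample headers; only the misspelled domain comes from the post.
    for header in (
        "Commonwealth Bank of Australia <alerts@commonweahtl.com>",
        "Commonwealth Bank <noreply@commbank.com.au>",
        "Commonwealth Bank of Australia <billing@mail.example.net>",
    ):
        print(f"{classify_sender(header):15} {header}")
```

A “lookalike” or “brand-mismatch” verdict is a reason to quarantine or tag the message for review, not proof of fraud on its own.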
Dear Commonwealth Bank of Australia customer,
During our regularly scheduled account maintenance and verification procedures, we have detected a slight error in your billing information.
This might be due to either of the following reasons: 1. A recent change in your personal information ( i.e.change of address). 2. Submiting invalid information during the initial sign up process. 3. An inability to accurately verify your selected option of payment due to an internal error within our processors.
Please update and verify your information by folowing this link:
If your account information is not updated within 48 hours then your ability to access your account will become restricted.
© Commonwealth Bank of Australia 2009 ABN 48 123 123 12