Phishing Attacks Inundate Commonwealth Bank Customers with Scam E-mails

Security researchers at Sophos, an anti-virus vendor, report that three separate phishing scams have attacked existing and potential customers of Australia's Commonwealth Bank in just seven days. The attacks use various social engineering tactics to get users to divulge personal information, especially their banking details.

The first scam, reported on May 25, 2009, typically claims a banking mistake. Addressing the recipient as "Dear Commonwealth Bank of Australia customer", the e-mail says that during the routine account verification and maintenance procedures, Commonwealth Bank has spotted a minor error in the customer's billing details.

The e-mail then instructs the victim to update his information through a web-link pointing to a fraudulent site that cleverly displays the branding elements of Commonwealth Bank.

The second scam, which was reported on May 31, 2009, employs a trick pertaining to make some easy cash. Accordingly, the scam e-mail claims that the recipient has been chosen to participate in a survey comprising five quick and simple questions in return of $50 that would be deposited into the user's account.

Moreover, the third attack entices the recipient with promises of money that could be obtained freely via e-mail. The message congratulates the recipient because his supposed Cashback tBonus of $500 is all set for redemption. It also provides a telephone number, which the user could use any time.

The security researchers comment that the phishing campaign purporting to be from Commonwealth Bank is not simply an annoyance for consumers, but is also a big problem for security companies that can't afford to have lucrative accountholders becoming annoyed due to blockage of their inbound e-mails in efforts to prevent the scammers.

Meanwhile, phishing campaigns have been constantly targeting the Commonwealth Bank, since May 2009. On May 20, 2009, the bank issued a warning that customers should ignore any suspicious e-mail; nevertheless, the assaults have been continuously rising.

Besides, the e-mails purporting to be from the Commonwealth Bank's staff have prompted the bank to confirm that the e-mails are not from them and they would never request consumers to e-mail sensitive information.

Related article: Phishing With A Redirector Code

» SPAMfighter News - 6/9/2009