CBA Alerts Account-Owners of Phishing E-mail
According to the researchers from AVG a security company, Internauts in Australia holding accounts with CBA (Commonwealth Bank of Australia) have been urged for remaining watchful of fake notifications wherein they are told about NetCode's safety just upgraded.
Specifically the e-mail tells the recipient that it was necessary to disable his SMS authentication mechanism under NetCode for his own safety. Therefore, he's urged to substantiate the details relating to his account so the bank can make his NetCode SMS validation active. For getting the act done, he should click on a given web-link, the e-mail states.
But the web-link leads onto one gaming site hosted in Russia from where end-users get diverted onto yet one more site.
Meanwhile, AVG, which detected the phishing electronic mail, instantly informed the Bank's clients through the company's Facebook page.
It also said that at the very outset every e-mail from one's bank would surely address the recipient via his full name and thereafter the bank won't ever request him for information validation through an e-mail link like within the above stated instance.
The kind of 'phishing' electronic mails infamously requested users for updating their information through an e-mail web-link, which actually led them onto one malicious site which in all probability contaminated their PCs, while transmitting their data to fraudsters' machines. Therefore, such messages must be erased from one's inbox right away.
Security analysts studying the scam electronic mails urged Internet users that incase anyone felt he'd got one such e-mail from the Commonwealth Bank of Australia, he could verify it from CBA through a particular e-mail id of the bank meant for its customers.
Meanwhile, in a similar phishing scam, which victimized CBA's customers during May 2012, e-mails masquerading as CBA told receivers that the bank was forced to disable their accounts owing to many failed logging attempts. For recovering access, the user thus requires clicking on a web-link where he should log into the personal Internet account followed with supplying the information for personal identity authentication. Apparently, making a false claim the e-mail stated that the suggested action was for safeguarding the client's safety as well as privacy.
» SPAMfighter News - 21-02-2013