Phishing Scam of Commonwealth Bank ‘eStatement Ready’

Softpedia.com reported on 9th January, 2014 stating that customers of Commonwealth Bank, a renowned Australian Bank, are victimized by a phishing email scam that relies on fake emails bearing the subject line: "estatement for December 2013 is ready".

The emails inform the recipient that his online statement or eStatement for December 2013 is now ready for being viewed. It (email) tells him that Internet statements are quick, free and constantly available and they never get misplaced. Moreover, Internet statements help conserve paper and trees. User is told that once he logs into his account he will be able to view statements for last 7 years at any place and at any time.

The fake messages contain a link appearing to point to an eStatement but in reality it leads to a phishing website.

The phishing emails are very-well drafted and non-vigilant users can mistake them as genuine emails from the Commonwealth Bank.

However, the email is not from the Commonwealth Bank and instead it is a phishing scam designed to trick users into divulging their details of account login and other information.

Those who click the link in the email will be taken to a fake website which appears to be genuine login page of Commonwealth Bank. Once they have "logged in" on the fake page, users will then be asked to provide their email username and password, their date of birth and their contact details apparently to confirm their account.

Users will be automatically redirected to the genuine website of Commonwealth Bank on submitting this information.

Experts comment that the criminals operating the scam can use the stolen information to hijack bank accounts of victims and they can also take control of their email accounts and use them in further spam and scam campaigns in the name of their victims.

Moreover, Commonwealth Bank is not the only bank which has been targeted by cybercriminals in the last few months because as per the report of security firm Websense, phishing emails were discovered in November 2013 targeting customers of Punjab National Bank (PNB), one of the largest nationalized Indian banks, seeking to obtain sensitive details of individual customers.

» SPAMfighter News - 1/17/2014