Online Access Locked says Phishing Email
Today’s phishing email is special. Aside from it targeting Commonwealth Bank customers, it is in English and Portuguese. The body of the email is in English, but the footer is in Portuguese. It is a quality phishing email in many respects. But there are still signs that it is not legitimate. We have not observed it in the quantities associated with a phishing campaign. Its realism qualifies it for our “phish of the day, and “phish of the week”.
The reason for the email is to inform the recipient that their online access is locked. The issue can be solved by clicking on a link. It is a fake email, of course. The link leads to a fake site.
Figure A shows the email. The Commonwealth Bank logo headlines the email. The greeting used is “Dear customer”. The sender of the email is “Commonwealth NetBanking”. The subject is “Your Online Access Locked”. The email domain of the sender is not a Commonwealth Bank domain. The body of the email contains one link. The link is to a phishing site. Anchor text of the email is “click here”. The email signs off with “Commonwealth NetBanking”. The footer of the email is in Portuguese.
As the email states, online access has been locked. According to the email the lock is temporary. The email reassures the recipient that access restoration requires account confirmation. The recipient may confirm their details by clicking on the link.
It is a realistic phishing email, but it is bogus. There are two main signs. The first sign is the email greeting. The greeting is generic. Emails from banks always use your account name. The second sign is the link. It is not a link to the Commonwealth Bank. It links to a phishing site. The phishing site steals customer’s banking login details. The intention is to commit fraud. Delete this email.