Phishing campaign targets bank users

It has been some time since we last saw a large scale phishing attack launched on Commonwealth Bank customers. Today the lull was broken. The latest phishing campaign informs the user that they have a statement ready for viewing, and provides a link to do so. It is a scam email.

This email campaign has many similarities with a previous campaign in March 2015. The email is similar, even down to the wording. The main difference is that the email does not use the phrase “Diamond Awards”. Figure A shows the new version. The subject line is the same: “New statement and important message”.

The sender is”Commonwealth”, although the email domain is not the Commonwealth bank domain. It is similar to the Commonwealth bank’s domain name. This is a tactic employed by criminals to fool, the recipient. The email does not use a greeting. There are four links contained in the email. The main link is a button with the text “View statement now”. The others user the anchor text “now available”, “Account information page” and “check our tips”. The email has the looks and feel of a Commonwealth Bank message. All the links are circled in Figure A.

MailShark Phishing campaign targets bank users — Figure A – Click to Enlarge

The reasoning behind the email is to inform the user they have a credit card statement waiting. All the scam emails we checked used the same last four digits of a credit card, in this case 8196. As we mentioned in last month’s post, this is a ploy to trick you into clicking on the link to see what the message is about.

There are signs that this email is a fake. The email does not use a greeting. This is the most obvious sign. Emails from banks always will use your name, or at least the name the account is held in. The second sign are the links. They all lead to a phishing site. They do not lead to the genuine Commonwealth Bank site.

Scott Reeves
MailShark
Free anti-spam service
Free email filter service