Phishing emails target NetBank Customers

Phishing emails target NetBank Customers

It does seem like bank customers are the current favourite targets for phishing emails. These last few weeks we have had ANZ, Westpac and National Australia Bank customers targeted by phishing emails. Today we have had a surge of phishing emails targeting Commonwealth Bank NetBank customers. These emails are scams and can be deleted.

We have reproduced one such email in Figure A. We have yet to see any variation in either the content or the sender of this particular phishing email. This includes the specified last four digits of the card (which is shown as 0121). The subject line of the email is “New statement and important message”. The sender is listed as “Commonwealth <billing492492>”.  The email does not have a greeting as such. There are four links contained in the email. We have circled the links; they all point to the same web address.

MailShark Phishing emails target NetBank Customers
Figure A – Click to Enlarge

The reason for the email is to inform the customer that their statement for a Diamond Awards card is available. This is a ruse to tempt people to click on the links. Most people would not have a card ending in 0121, but they may click to find out why they now have a statement. The email goes on to state that there is a message included with the statement. The layout of the body of the email is very similar to a printout of an email. The email also informs the customer that if they can’t view statements online they can click on the “check our tips” text.

It is a fake email, of course. There is no personalised greeting, and the links contained in the email do not lead back to the Commonwealth Bank. Instead they lead to a phishing site that is designed to harvest login details of customers.

If you are unsure about the veracity of an email claiming to be from your bank, look at whether they have used your name in the greeting. Banks use personalised greetings. Mousing over the link(s) in the email to check where they lead to is another verification method. Don’t click on a link in an email without first checking where it leads to.

Scott Reeves
MailShark
Free anti-spam service
Free email filter service

Share This Post

Post Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.