New Statement plus Important Message
Sometimes it seems that there is nothing new under the sun. This statement may or may be valid, but for phishing emails, it is not true. Today’s phishing email does, however, resemble a past phishing email. The email targets the users of the Commonwealth Bank’s online banking service. It is a cunning email. Two months is the de facto standard for a phishing email campaign to fade from memory. That is how the cyber criminals appear to operate. If you take a look at the post on March 18, you’ll see what we mean.
Figure A is the phishing email. It looks like a message. It has a subject, a category and a date. The message has the feel of a Commonwealth bank message. The email sender is “Commonwealth”. Checking the email domain shows that it has the words “commonwealth” and “billing”. This is a clever ruse. The subject line of the email is “New statement and important message”.
There are two links in the email. One is attached to the button with text “View statement now “. The other link has the anchor text “now available”. The purpose of the email is to inform the recipient of a new statement on their credit card account. The email specifies the last four digits of the user’s credit card. In fact, the four digits don’t vary between emails. Again, this is a ruse. The recipient may look at the email and think, “That is not my credit card number”. They may then click on the link to check.
This email is a fake. There is no greeting at all. Banks always use a personal greeting. Both the links lead to a malicious site. This site is a phishing site. It steals user details. Do not click on the links in this email. Delete it immediately.