Commonwealth Bank and NAB Customers Warned About Email Scam

By Krisinda Merhi September 9, 2019
Check your inbox. 

Customers at Commonwealth Bank and NAB have been targeted in a new scam. 

MailGuard, a tech security provider, says it has detected scams targeting vulnerable customers from both banks and has warned people to check their emails carefully. 

The content of the emails varies slightly depending on which bank customers belong to.

Commonwealth customers may receive an email which starts with a message: 'Dear Valued Customer, You have 1 IMPORTANT-security message(s) from NetBank Security team.' 

It then prompts the customer to log on to NetBank using a link in the email to view the message.

This Commonwealth Bank scam was first detected on September 5.

“Unsuspecting recipients who click on the link are led to a web page that’s nearly identical to the authentic Commonwealth NetBank log in page,” MailGuard said.

“This is a phishing page with fake CommBank branding. 

“The user is requested to insert their login credentials that are harvested once they provide information on all required fields.”

Similarly, NAB customers have been sent an email using the display name 'Nab Online.'

The email reads: 'This is an automated message from NAB.

'Its [sic] to notify you that we have placed a hold on your card as we detect a usage in a different location.

'To resolve the problem this problem and uplift this hold, we urge you to visit any NAB branch near you.

'If you are unable to visit a branch today, then download the attached form and get verified within minutes.'

The customer is then asked to fill in their personal information and return it to the sender. 

MailGuard warns against filling out the form: “Once this is submitted, these details are harvested and the user is redirected to a fake confirmation page,” they explain. 

This NAB scam was first reported on September 3. 

As a general rule, don't click on any links in weird emails from banks. If it's an urgent matter, the bank will contact you. However, if you are unsure, it is best to call your bank directly - better to ask than to click on an unsafe email.

Other ways to identify phishing emails include checking whether they:

- Are not addressed to you by name.

- Appear to be from a legitimate company but, on closer inspection, use poor English or omit personal details that a legitimate sender would include.

- Are from businesses that you were not expecting to hear from.

- Take you to a landing page or website that is not the normal URL of the company the email says it is from. 

Stay safe out there, friends. And double check your emails. 

Images: Getty.