Help & support
A number of CommBank-themed phishing messages are currently in circulation that specifically target our CommBiz service.
These fraudulent communications inform recipients that their account access is compromised or will be locked if they fail to verify details.
These are not genuine CommBank communications. Do not click the link or reply to the sender.
An ongoing scam campaign has seen Commonwealth Bank, and other financial institutions, impersonated to promote the sale of scam investment products, including treasury bonds, corporate bonds, and term deposits.
To attract potential victims, the scammers have created fake price-comparison websites, offering to provide investors with information on the best rates for various products. Potential investors who leave their personal details on the site are liable to receive a call from the scammers. The caller will impersonate the member of staff at a financial institution, sometimes using the details of a real bank employee stolen from a Linkedin profile. They will supply the potential investor with high-quality and detailed documents providing details of the proposed investment, which will usually provide a return which is 1% to 2% greater than an equivalent legitimate product. Common domains used for this scam include ‘cba-im.com’ or ‘cba-am.com’.
Remember to Stop. Check, and Reject if you identify an investment opportunity that matches the above and remember if you are ever unsure, please verify via https://www.commbank.com.au/support/contact-us.html.
A number of CommBank-themed phishing emails and SMS messages are currently in circulation.
These fraudulent communications inform recipients that there has been unusual activity on their NetBank, or that it will be stopped or restricted if they fail to login and complete other actions such as verifying details or unlocking their account, by clicking on a malicious link within the email and entering their credentials or completing a verification process. Do not click the link or reply to the sender.
These are not genuine CommBank communications. If in doubt, please verify via https://www.commbank.com.au/support/contact-us.html.
A number of CommBank-themed phishing messages and emails are currently in circulation.
These fraudulent communications inform recipients that their account access will be impacted if they fail to verify identity details or acknowledge new terms and conditions.
Do not click the link or reply to the sender.
A number of fraudulent SMS messages and emails targeting CommBank customers are currently in circulation.
The messages prompt recipients to follow malicious links to take action, or put a stop to suspicious activity.
This is a common tactic used by attackers to create a false sense of urgency in order to make you do something you wouldn’t normally, such as providing your personal information or login credentials.
These are not genuine CommBank communications. Do not click the link or reply to the sender.
A number of CommBank-themed phishing emails are currently in circulation that are misappropriating the content of our genuine communications to customers.
These fraudulent communications inform recipients that their NetBank will be stopped or restricted if they fail to login and complete other actions such as verifying details or unlocking their account, by clicking on a malicious link within the email and entering their credentials or completing a verification process. Do not click the link or reply to the sender.
Whilst these are not genuine CommBank communications, it is important to note attackers will frequently adapt legitimate emails for their own purposes. If in doubt, please verify via https://www.commbank.com.au/support/contact-us.html.
A fraudulent CommBank-themed SMS message is currently in circulation.
This communication attempts to mislead customers into downloading an app named after our chat-bot Ceba, however the application it installs onto your device, if allowed, is a piece of malicious software.
Never attempt to download our apps from anywhere aside from legitimate app stores, which can be reached from our website, here https://www.commbank.com.au/digital-banking/commbank-app.html.
If you believe you have downloaded this malicious software, or may have been otherwise compromised, please contact us via one of these methods, https://www.commbank.com.au/support/contact-us.html.
This is not a genuine CommBank communications. Do not click the link or reply to the sender.
A number of CommBank-themed phishing emails are currently in circulation that are misappropriating the content of our genuine communications to customers.
These fraudulent communications inform recipients that their NetBank will be stopped or restricted if they fail to login and complete other actions such as verifying details or unlocking their account, by clicking on a malicious link within the email and entering their credentials or completing a verification process. Do not click the link or reply to the sender.
Whilst these are not genuine CommBank communications, it is important to note attackers will frequently adapt legitimate emails for their own purposes. If in doubt, please verify via https://www.commbank.com.au/support/contact-us.html.
A number of CommBank-themed phishing SMS messages are currently targeting customers. They all include a link to review a transaction or dispute, and create an urgency to follow it.
These are not legitimate CommBank communications. Do not click on the link or reply to the sender.
To be safe, always navigate directly to NetBank yourself and only log on to a site you know to be genuine, rather than using any links in communications.
Scammers have recently published links on social media to fake articles exploiting the Commonwealth Bank brand. Scammers are using these articles to lure people into completing a survey and/or asking individuals to register themselves for an investment scheme. There are also fake articles purportedly from ‘A Current Affair’ with faked testimonials to convince you it is a valid scheme.
The links within the articles take you to a fake, non-CommBank domain to complete the survey and register. Furthermore, these scams often require urgent payments to be made to third party accounts.
CommBank urges you to please Stop, Check and Reject if it is not legitimate, when considering any investment opportunity. You can validate the authenticity of any investment product offered by CommBank by contacting us directly through our official phone numbers, a full list of which is provided on our Contact Us page. You can also review our investment scams information to learn more about recognising these scams.
If you believe you have fallen victim to this scam, please contact us via CEBA in the CommBank App or call us on 132221.
The recent Optus data breach may leave you at a heightened risk of being the target of scams – regardless of whether your personal data was lost in the breach or not. It has come to light that scammers are using the Optus data breach to scare and scam customers. They have recently been contacting customers pretending to be from third party businesses such as Amazon/Ebay, to name a few, and claiming that the customer's account has been hacked. The scammer is then able to convince the customer to provide further details, including payment information such as card details, as a protective measure in response to the data breach. Once these details are provided the scammer will then steal the customer's funds.
When dealing with unsolicited callers:
We have observed a range of email and SMS phishing activity attempting to exploit concerns about compromised personal data or accounts.
Variations on this theme include:
All of these messages have a link which allegedly will help you “fix” the issue if you click – many of the links look similar to NetBank or CommBank or other CBA domains.
The messages are not legitimate. Please do not click links in these kinds of messages, reply to them or otherwise engage.
If you wish to verify the legitimacy of a message or are concerned about your account, you can contact us by messaging us in the CommBank app or using the 13 22 21 number.
We continue to monitor all our customer accounts closely to help protect you from unauthorised activity. For more information, please visit CommBank Safe.
A recent trend has occurred where customers are being targeted on Facebook by the celebrity CFD scam with Commonwealth Bank branding. CommBank is being falsely represented in these ads by indicating we support the product/service that alludes to the possibility of making significant income with minimal effort. This lures unsuspecting victims into clicking on the ad for more information which then populates another hyperlink that takes the reader to an overseas CFD provider.
Do not interact with these ads or believe the sales pitch. You can validate the authenticity of any investment product offered by CommonBank by contacting us directly through our official phone numbers, a full list of which is provided on our contact us page.
If you proceed to ‘invest’ in the CFD from one of these ads the likelihood of getting funds back would be minimal.
A recent trend has occurred where phishing emails are being sent with Commonwealth Bank branding and with signature of a CommBank employee advising customers that they will lose access to their mobile banking app soon. The email requests customers to click on a link to ‘renew’ their access or ‘re-register’ the device.
If you click on the link you will be requested to input your banking information which will then be used to access your genuine account. This is not a legitimate CommBank communication. DO NOT click on the link and simply delete it. To be safe, always navigate directly to your NetBank yourself and log on from the site you know to be genuine.
The Commonwealth Bank will not send emails of this nature with a link to reset or input your details.
A recent trend has spiked where scammers are posing as a relative, usually daughter, son or cousin, of the victim. Contact is made with the victim by sending a message via Whatsapp, Facebook messenger or phone (from an unknown number).
The scammers will often say that they have broken their phone and are using a “new” number. They will then ask for some urgent assistance with some funds to pay for a bill or some other expense. Funds are requested via wire transfer or card transactions on most occasions.
CommBank urges you not to transfer any funds being requested for in these messages and instead call your relative on their ‘old’ number to confirm.
If you do proceed with the funds transfer the likelihood of getting these funds back would be minimal, if any.
We have observed that the scammers have recently circulated a fake letter to customers asking for a ‘fee’ to be paid before a large sum of funds can be credited into the customer’s account. This letter is on an obviously fake CBA letterhead and is signed by a CBA employee.
This is not a genuine letter issued by CBA or by any of its employees. CBA urges you not to proceed with any funds transfer being requested for in these letters as the likelihood of getting these funds back would be minimal, if any.
A large number of fraudulent SMS messages targeting CommBank customers are currently in circulation.
The messages prompt recipients to follow malicious links. The messages claim the recipient needs to take action to review settings or complete a security check to their CommBank accounts or online banking.
This is a common tactic used by attackers to create a false sense of urgency in order to make you do something you wouldn’t normally, such as providing your personal information or login credentials.
These are not genuine CommBank communications. Do not click the link or reply to the sender.
Three CommBank-themed phishing SMS and emails related to usage of NetBank are targeting customers. They all include a link and create an urgency to follow it.
These are not legitimate CommBank communications. Do not click on the link or reply to the sender.
To be safe, always navigate directly to NetBank yourself and log on from the site you know to be genuine, rather than using any links in communications.
A number of CommBank-themed phishing messages are currently in circulation.
The fraudulent messages prompt recipients to click on a malicious link within the message by informing them that their account or card has been suspended and details need to be updated or more information provided.
These are not a genuine CommBank communications. Do not click on the link or reply to the sender.
A large number of fraudulent SMS messages targeting CommBank customers are currently in circulation.
The messages prompt recipients to follow malicious links. The messages claim the recipient needs to take action to put a stop to suspicious activity, renew details or unlock access to their CommBank accounts or cards.
This is a common tactic used by attackers to create a false sense of urgency in order to make you do something you wouldn’t normally, such as providing your personal information or login credentials.
These are not genuine CommBank communications. Do not click the link or reply to the sender.
A number of fraudulent SMS messages targeting CommBank customers are currently in circulation.
The messages prompt recipients to follow malicious links. The messages claim the recipient needs to take action to put a stop to suspicious activity or investigate further.
This is a common tactic used by attackers to create a false sense of urgency in order to make you do something you wouldn’t normally, such as providing your personal information or login credentials.
These are not genuine CommBank communications. Do not click the link or reply to the sender.
We have seen a spate of CommBank-themed SMS phishing (smishing) targeting customers.
The SMS phishing varies in subject and includes telling people their accounts have been “placed under review”, or “new payees have been added,” or a CommBank account “has been registered on a new device”.
All are designed to trick people into clicking a link and then providing their login credentials.
These are not genuine CommBank emails. Do not click the link or engage with the message.
If you have made a mistake and already done so, please message us in the CommBank app, or visit us in a branch.
A number of CommBank-themed phishing emails and SMS are currently in circulation.
These fraudulent communications inform recipients that their NetBank has been, or will be, stopped or restricted if they fail to login by clicking on a malicious link within the email and updating their details.
This is not a genuine CommBank communication. Do not click the link or reply to the sender.
A CommBank-themed phishing email is currently targeting customers.
The fraudulent message prompts recipients to click on a malicious link within the email in order to restore your Netbank access.
This is not a legitimate CommBank communication. Do not click on the link or reply to the sender.
Scammers have recently published links on different social media sites/apps to fake articles exploiting CBA’s recently published move to integrate our Crypto trading platform into the Commbank app. Scammers are using these articles to lure people into completing an ‘Expression of Interest’ form consisting of a few multiple choice questions. Once completed, the scammers are asking individuals to register themselves using their Name, Email ID and Phone number. This is then followed by an email/phone call to the individual in an attempt to convince them into transferring funds and start earning by investing in Crypto.
The links contained in the articles take you to a fake, non-CBA domain to complete the ‘Expression of Interest’ and register. Furthermore, these scams often require urgent payments to be made to random third party accounts.
CommBank urges you to please pause, reflect and review carefully before proceeding when considering any investment opportunity. You can validate the authenticity of any investment product offered by CommBank by contacting us directly through our official phone numbers, a full list of which is provided on our Contact Us page. You can also review our investment scams information to learn more about recognising these scams.
A CommBank-themed phishing email is currently targeting customers.
The fraudulent message prompts recipients to click on a malicious link within the email in order to restore your Netbank access.
This is not a legitimate CommBank communication. Do not click on the link or reply to the sender.
A CommBank-themed SMS phish is currently targeting customers.
The fraudulent message prompts recipients to click on a malicious link within the SMS, in order to prevent their card being added to Apple Pay.
These are not legitimate CommBank communications. Do not click on the link or reply to the sender.
A CommBank-themed SMS phish is currently targeting customers.
The fraudulent message prompts recipients to click on a malicious link within the SMS in order to restore your Netbank access or message us in the CommBank app.
These are not legitimate CommBank communications. Do not click on the link or reply to the sender.
A number of CommBank-themed phishing emails and SMS are currently in circulation.
These fraudulent communications inform recipients that their NetBank will be stopped or restricted if they fail to login, or complete other actions such as verifying details or recording “touch behaviour”, by clicking on a malicious link within the email and entering their credentials or completing a verification process.
This is not a genuine CommBank communication. Do not click the link or reply to the sender.
A CommBank-themed SMS phish is currently targeting customers.
The fraudulent message prompts recipients to click on a malicious link within the SMS in order to restore your Netbank access or message us in the CommBank app.
These are not legitimate CommBank communications. Do not click on the link or reply to the sender.
A CommBank-themed phishing email is currently in circulation.
This fraudulent email informs recipients that their NetBank will stop if they fail to login by clicking on a malicious link within the email and entering their credentials.
This is not a genuine CommBank communication. Do not click the link or reply to the sender.
A large number of fraudulent SMS messages targeting CommBank customers are currently in circulation.
The messages prompt recipients to follow malicious links. The messages claim the recipient needs to take action to put a stop to suspicious activity or unlock access to their CommBank accounts or cards.
This is a common tactic used by attackers to create a false sense of urgency in order to make you do something you wouldn’t normally, such as providing your personal information or login credentials.
These are not genuine CommBank communications. Do not click the link or reply to the sender.
A CommBank-themed phishing email targeting customers is currently in circulation.
This fraudulent email informs recipients that a statement has been issued, prompting them to click a malicious link and enter their credentials to view.
This is not a genuine CommBank communication. Do not click the link or reply to the sender.
Any time you need to access NetBank, please use a method already known to get to the authentic site, rather than a link in a message or email.
Scammers are currently offering fake Bonds purporting to be issued by various reputable and well-known companies in Australia. We have identified a variation of this scam where fake Fixed Income/Fixed Rate Bonds allegedly issued by the Commonwealth Bank of Australia are being offered.
The emails promoting this scam originate from fake domains such as @cba-invest.com instead of the legitimate CommBank domain (@cba.com.au). Furthermore, these scams often require payments to be made to non-CommBank accounts.
CommBank urges you to please pause, reflect and review carefully before proceeding when considering any investment opportunity. You can validate the authenticity of any investment product offered by CommBank by contacting us directly through our official phone numbers, a full list of which is provided on our Contact Us page. You can also review our investment scams information to learn more about recognising these scams.
We have noticed reports of the re-emergence of a campaign similar to one earlier reported in July. A fake email purporting to be from CommBank prompts recipients to click on a malicious link after telling them an unrecognised device has attempted to sign into their account.
This is not a legitimate communication. Do not click the link, reply to the email, or provide any details.
A CommBank-themed SMS phish is currently targeting customers.
The fraudulent message prompts recipients to click on a malicious link within the SMS in order to update their personal details.
These are not legitimate CommBank communications. Do not click on the link or reply to the sender.
To be safe, always navigate directly to NetBank yourself and log on from the site you know to be genuine, rather than using any links in communications.
A large number of fraudulent SMS messages targeting CommBank customers are currently in circulation.
The messages prompt recipients to follow malicious links. The messages claim the recipient needs to take action to put a stop to suspicious activity or unlock access to their CommBank accounts or cards.
This is a common tactic used by attackers to create a false sense of urgency in order to make you do something you wouldn’t normally, such as providing your personal information or login credentials.
These are not genuine CommBank communications. Do not click the link or reply to the sender.
A CommBank-themed SMS phish is currently targeting customers.
The fraudulent message prompts recipients to click on malicious links within the SMS on the basis that their access to NetBank, bank accounts, or bank cards is or will be restricted until further information is provided or actions taken.
These are not legitimate CommBank communications. Do not click on the link or reply to the sender.
To be safe, always navigate directly to NetBank yourself and log on from the site you know to be genuine, rather than using any links in communications.
Two CommBank-themed SMS phishing messages are currently targeting customers.
The fraudulent messages prompt recipients to click on malicious links within the SMS on the basis that their access to NetBank is or will be restricted until further information is provided or actions taken.
These are not legitimate CommBank communications. Do not click on the link or reply to the sender.
To be safe, always navigate directly to NetBank yourself and log on from the site you know to be genuine, rather than using any links in communications.
A CommBank-themed SMS phish campaign is currently targeting customers.
The fraudulent messages prompt recipients to click on malicious links within the SMS on the basis that they had not setup the new payee.
These are not legitimate CommBank communications. Do not click on the link or reply to the sender.
To be safe, always navigate directly to NetBank yourself and log on from the site you know to be genuine, rather than using any links in communications.
We are aware of text messages circulating which contain a link to malicious software. Current versions of this message advise of a missed call and include a link to allow you to listen to a voicemail.
If you click on this link, it may try and install software that will compromise your device, including user details and passwords; and/or allow unauthorised access to your accounts.
If you have clicked any suspicious links, or notice any unusual activity on your online banking, please message us in the CommBank app, or find your nearest branch https://www.commbank.com.au/digital/locate-us/
See examples:
CommBank customers are being targeted with a phishing email with the subject line “Your CommBank is temporarily locked”. The email looks as though it comes from the CommBank address customeradvocate@cba.com.au and asks the customer to verify account details in order to restore access. This is not a genuine CommBank communication. Do not click the link and remember to always navigate to the site you know to be the legitimate NetBank login page before entering any details.
Three CommBank-themed SMS phishes are currently targeting customers.
The fraudulent messages prompt recipients to click on malicious links within the SMS on the basis that their access to NetBank, bank accounts, or bank cards is or will be restricted until further information is provided or actions taken.
These are not legitimate CommBank communications. Do not click on the link or reply to the sender.
To be safe, always navigate directly to NetBank yourself and log on from the site you know to be genuine, rather than using any links in communications. For more details about our KYC processes, visit commbank.com.au/KYCcollect.
A CommBank-themed phishing SMS is currently in circulation.
The fraudulent message prompts recipients to click on a malicious link within the SMS by informing them that their debit or credit card has been suspended and details need to be updated.
This is not a genuine CommBank communication. Do not click on the link or reply to the sender.
A CommBank-themed phishing SMS is currently in circulation.
The fraudulent message prompts recipients to click on a malicious link within the SMS by informing them that their account is marked as insecure and NetCodes must be returned to confirm safety.
This is not a genuine CommBank communication. You should never share NetCodes. Do not click on the link or reply to the sender.
A CommBank-themed phishing email is currently in circulation.
This fraudulent email informs recipients that a document has been received, prompting users to log on and view the document by clicking on a malicious link within the email and entering their credentials.
This is not a genuine CommBank communication. Do not click the link or reply to the sender.
A large number of fraudulent SMS messages targeting CommBank customers are currently in circulation.
The messages prompt recipients to follow malicious links. The messages claim the recipient needs to take action to put a stop to suspicious activity or unlock access to their CommBank accounts or cards.
This is a common tactic used by attackers to create a false sense of urgency in order to make you do something you wouldn’t normally, such as providing your personal information or login credentials.
These are not genuine CommBank communications. Do not click the link or reply to the sender.
A CommBank-themed phishing email is currently in circulation. The email prompts recipients to click on a malicious link within the message by informing them that an unrecognised device has attempted to sign into their account and that account access has been disabled pending verification.
The phishing email appears to come from customeradvocate@cba.com.au. In this situation a legitimate CommBank email address has been "spoofed", which means the sender address has been forged to mislead you as to the email's origin. The communication itself is a phish. Do not click on the email or respond to the sender.
A phishing SMS targeting CommBank customers is in circulation.
The message informs recipients that online access is restricted and prompts users to follow a malicious link within the SMS. The malicious link contains the words “commbank” and “netbank” in order to trick the recipient. However, this is not a genuine CommBank communication.
Do not click the link, or reply to the sender.
Three CommBank-themed phishing SMS related to security are targeting customers.
The fraudulent messages prompt recipients to click on malicious links within the SMS and share Netcodes on the basis that insecure activity is occurring. This is a social engineering tactic to create a false sense of fear and trick you into doing something you wouldn't normally do. You should never share Netcodes. Please do not click the links or reply to these messages.
There is a CommBank-themed phishing email in circulation with the subject line ‘Security Alert’.
The phishing email purports to come from “Commonwealth support” and informs the recipient that their account is missing important security information. The fraudulent message prompts recipients to follow a link to update their information within 24 hours to avoid their account being locked.
If you receive this email, do not reply to sender, click any link within the email, or provide any information.
A number of customers have reported receiving a fraudulent SMS that claims their NetBank access has been restricted. The message prompts the recipient to follow a malicious link within the SMS in order to restore access. This is not a genuine CommBank communication. Do not click on the link or reply to the sender.
Customers have reported receiving a phishing email purporting to come from CommBank, with the subject line “You have received a new document”.
The fraudulent email informs the recipient that a new document is ready for review and can be seen by following a malicious link within the email to log on.
Do not click on links within the email, or reply to the sender. To be safe, always navigate directly to NetBank yourself and log on from the site you know to be genuine, rather than using any links in communications.
A fraudulent SMS is in circulation targeting CommBank customers. It informs the recipient that a payment has been made to a new biller, which can be cancelled by following a malicious link. This is not a genuine CommBank communication. Do not click the link or respond to the sender.
A CommBank-themed phishing SMS is currently in circulation.
The fraudulent message informs recipients that their NetBank has been locked, prompting them to click a malicious link within the message to restore access.
This is not a genuine CommBank communication. Please do not click the link or respond to the sender.
A phishing email is currently targeting CommBank customers.
This email informs recipients that there have been multiple login attempts on their account with the wrong password entered. This message attempts to create a false sense of urgency by suggesting that their account will be suspended indefinitely unless the recipient updates their account information by following the link provided.
This is not a genuine CommBank communication. Please do not click the link or respond to the sender.
A CommBank-themed phishing SMS is currently in circulation.
The fraudulent SMS alerts the recipient that all online banking access has been locked, prompting users to click on a malicious link in the SMS to verify their identity.
This is not a genuine CommBank communication. Please do not click the link or respond to the sender.
Multiple CommBank-themed phishing SMS are currently in circulation.
The fraudulent messages alert recipients to suspicious activities regarding their banking, such as new NetBank payees and Apple Pay activity, and prompts the recipient to click on a malicious link in the SMS to verify the activity.
These are not genuine CommBank communications. Please do not click the link or respond to the sender.
A coronavirus-themed phishing email is currently targeting CommBank customers. This email informs recipients that they must update their personal details in order to use their NetBank account, due to the 'COVID-19 virus'. This phishing message also attempts to create a false sense of urgency, by suggesting that the link provided is only valid for one day.
This is not a genuine CommBank communication. Please do not click the link or respond to the sender.
New variations of a CommBank-themed phishing SMS are in circulation.
The SMS alerts the customer that a new payee was created, prompting users to click on a malicious link in the SMS to cancel the payee.
This is not a genuine CommBank communication. Please do not click the link or respond to the sender.
Some CommBank customers have received phishing SMS messages that claim NetBank access has been blocked. Message recipients are prompted to click on a malicious link in the SMS to restore account access.
These are not genuine CommBank communications. Please do not click on a link or reply to the sender.
Variations of a CommBank-themed phishing SMS are currently in circulation.
The SMS alerts the customer that there has been a new payee created or payment processed in NetBank, prompting users to click on the link in the SMS to cancel the payee or payment.
This is not a genuine CommBank communication. Please do not click the link or respond to the sender.
Some customers have received hoax CommBank-themed SMS messages related to payees and PayID.
The messages claim that unusual account activity such as a new linked PayID or a payment made to a new payee has taken place, and prompt the recipient to click on the link if they did not initiate the activity.
These are not genuine CommBank communications. Please do not click on a link or reply to the sender.
Variations of a number of CommBank-themed phishing SMS messages are in circulation.
The messages claim that access to online banking services such as NetBank have been locked, suspended or restricted for security reasons. Message recipients are then prompted to click on a malicious link in the SMS to restore account access.
These are not genuine CommBank communications. Please do not click on a link or reply to the sender.
Ceba can help you lock your card or securely connect you to a specialist in the CommBank app.
Fast-track your call, see expected wait times and connect with a specialist in the CommBank app.
Send us a copy or screenshot if you receive a hoax email or SMS.