21 December 2022 – Fake CommBiz SMS messages

A number of CommBank-themed phishing messages are currently in circulation that specifically target our CommBiz service.

These fraudulent communications inform recipients that their account access is compromised or will be locked if they fail to verify details.

These are not genuine CommBank communications. Do not click the link or reply to the sender.

Scam examples: "A payment was attempted from your CommBiz account", and "Your Comm account has been temporarily suspended"

19 December 2022 – CBA branded investment scam

An ongoing scam campaign has seen Commonwealth Bank, and other financial institutions, impersonated to promote the sale of scam investment products, including treasury bonds, corporate bonds, and term deposits.

To attract potential victims, the scammers have created fake price-comparison websites, offering to provide investors with information on the best rates for various products. Potential investors who leave their personal details on the site are liable to receive a call from the scammers. The caller will impersonate the member of staff at a financial institution, sometimes using the details of a real bank employee stolen from a Linkedin profile. They will supply the potential investor with high-quality and detailed documents providing details of the proposed investment, which will usually provide a return which is 1% to 2% greater than an equivalent legitimate product. Common domains used for this scam include ‘cba-im.com’ or ‘cba-am.com’.

Remember to Stop. Check, and Reject if you identify an investment opportunity that matches the above and remember if you are ever unsure, please verify via https://www.commbank.com.au/support/contact-us.html

Scam examples: purchase agreements and term sheets for treasury bonds

9 December 2022 – Your NetBank has unusual activity or will stop working

A number of CommBank-themed phishing emails and SMS messages are currently in circulation. 

These fraudulent communications inform recipients that there has been unusual activity on their NetBank, or that it will be stopped or restricted if they fail to login and complete other actions such as verifying details or unlocking their account, by clicking on a malicious link within the email and entering their credentials or completing a verification process. Do not click the link or reply to the sender.

These are not genuine CommBank communications. If in doubt, please verify via https://www.commbank.com.au/support/contact-us.html

Scam examples: "Your account may be lost"

23 November 2022 – Fake verification requests

A number of CommBank-themed phishing messages and emails are currently in circulation.

These fraudulent communications inform recipients that their account access will be impacted if they fail to verify identity details or acknowledge new terms and conditions.

Do not click the link or reply to the sender.

Scam examples: "suspicious activities on your account"

23 November 2022 – Suspicious activity and update requests

A number of fraudulent SMS messages and emails targeting CommBank customers are currently in circulation.

The messages prompt recipients to follow malicious links to take action, or put a stop to suspicious activity.

This is a common tactic used by attackers to create a false sense of urgency in order to make you do something you wouldn’t normally, such as providing your personal information or login credentials.

These are not genuine CommBank communications. Do not click the link or reply to the sender.

Scam examples: "new device has been registered, your personal details has successfully been changed..."

14 November 2022 – Your NetBank will stop working

A number of CommBank-themed phishing emails are currently in circulation that are misappropriating the content of our genuine communications to customers.

These fraudulent communications inform recipients that their NetBank will be stopped or restricted if they fail to login and complete other actions such as verifying details or unlocking their account, by clicking on a malicious link within the email and entering their credentials or completing a verification process. Do not click the link or reply to the sender.

Whilst these are not genuine CommBank communications, it is important to note attackers will frequently adapt legitimate emails for their own purposes. If in doubt, please verify via https://www.commbank.com.au/support/contact-us.html.

Scam examples: "Suspicous activies on your account"

14 November 2022 – Beware fake CommBank virtual assistant app

A fraudulent CommBank-themed SMS message is currently in circulation.
This communication attempts to mislead customers into downloading an app named after our chat-bot Ceba, however the application it installs onto your device, if allowed, is a piece of malicious software.

Never attempt to download our apps from anywhere aside from legitimate app stores, which can be reached from our website, here https://www.commbank.com.au/digital-banking/commbank-app.html.

If you believe you have downloaded this malicious software, or may have been otherwise compromised, please contact us via one of these methods, https://www.commbank.com.au/support/contact-us.html.

This is not a genuine CommBank communications. Do not click the link or reply to the sender.

Scam example: "We're proud to announce our latest mobile app..."

4 November 2022 – Your NetBank will stop working

A number of CommBank-themed phishing emails are currently in circulation that are misappropriating the content of our genuine communications to customers.

These fraudulent communications inform recipients that their NetBank will be stopped or restricted if they fail to login and complete other actions such as verifying details or unlocking their account, by clicking on a malicious link within the email and entering their credentials or completing a verification process. Do not click the link or reply to the sender.

Whilst these are not genuine CommBank communications, it is important to note attackers will frequently adapt legitimate emails for their own purposes. If in doubt, please verify via https://www.commbank.com.au/support/contact-us.html

Scam page examples: Your NetBank will stop working

4 November 2022 – NetBank messages

A number of CommBank-themed phishing SMS messages are currently targeting customers. They all include a link to review a transaction or dispute, and create an urgency to follow it.

These are not legitimate CommBank communications. Do not click on the link or reply to the sender. 

To be safe, always navigate directly to NetBank yourself and only log on to a site you know to be genuine, rather than using any links in communications.

Scam text message examples: NetBank

26 October 2022 – Fake investment scheme

Scammers have recently published links on social media to fake articles exploiting the Commonwealth Bank brand. Scammers are using these articles to lure people into completing a survey and/or asking individuals to register themselves for an investment scheme. There are also fake articles purportedly from ‘A Current Affair’ with faked testimonials to convince you it is a valid scheme.

The links within the articles take you to a fake, non-CommBank domain to complete the survey and register. Furthermore, these scams often require urgent payments to be made to third party accounts.

CommBank urges you to please Stop, Check and Reject if it is not legitimate, when considering any investment opportunity. You can validate the authenticity of any investment product offered by CommBank by contacting us directly through our official phone numbers, a full list of which is provided on our Contact Us page. You can also review our investment scams information to learn more about recognising these scams.

If you believe you have fallen victim to this scam, please contact us via CEBA in the CommBank App or call us on 132221.

Scam page examples: Fake investment scheme

12 October 2022 – Optus Data Breach Scams 

  • The recent Optus data breach may leave you at a heightened risk of being the target of scams – regardless of whether your personal data was lost in the breach or not. It has come to light that scammers are using the Optus data breach to scare and scam customers. They have recently been contacting customers pretending to be from third party businesses such as Amazon/Ebay, to name a few, and claiming that the customer's account has been hacked. The scammer is then able to convince the customer to provide further details, including payment information such as card details, as a protective measure in response to the data breach. Once these details are provided the scammer will then steal the customer's funds.

    When dealing with unsolicited callers:

    • Be aware that they may invoke the Optus data breach as part of an attempt to gain your personal data.
    • Never disclose financial data to an unsolicited caller, or allow them remote access to your electronic devices.
    • If you believe that you have been targeted by a scam, contact CBA by visiting our contact us page.
    • Remember 3 simple steps: Stop. Check. Reject:
       
    1. Stop – Does a call, email or text seem off? The best thing to do is stop. Take a breath. Real organisations won’t put you under pressure to act instantly.
    2. Check – Ask someone you trust or contact the organisation the message claims to be from
    3. Reject – If you’re unsure, hang up on the caller, delete the email, block the phone number. Change your passwords.

29 September 2022 - Phishing and smishing following Optus breach

We have observed a range of email and SMS phishing activity attempting to exploit concerns about compromised personal data or accounts.

Variations on this theme include:

  • Suspicious account activity detected
  • Account locked due to suspicious activity
  • New devices detected
  • Account closure due to misuse
  • CommAlert! Account temporarily locked
  • Suspect account and temporary blocking of accounts
  • Account under review/on hold
  • Account verification failure
  • Account suspended/temporarily limited
  • Requests to extort individual victims of the Optus breach

All of these messages have a link which allegedly will help you “fix” the issue if you click – many of the links look similar to NetBank or CommBank or other CBA domains.

The messages are not legitimate. Please do not click links in these kinds of messages, reply to them or otherwise engage.

If you wish to verify the legitimacy of a message or are concerned about your account, you can contact us by messaging us in the CommBank app or using the 13 22 21 number. 

We continue to monitor all our customer accounts closely to help protect you from unauthorised activity. For more information, please visit CommBank Safe.

Examples of scams - 23 September 2022

14 September 2022 – Celebrity CFD scam

A recent trend has occurred where customers are being targeted on Facebook by the celebrity CFD scam with Commonwealth Bank branding. CommBank is being falsely represented in these ads by indicating we support the product/service that alludes to the possibility of making significant income with minimal effort. This lures unsuspecting victims into clicking on the ad for more information which then populates another hyperlink that takes the reader to an overseas CFD provider.

Do not interact with these ads or believe the sales pitch. You can validate the authenticity of any investment product offered by CommonBank by contacting us directly through our official phone numbers, a full list of which is provided on our contact us page.

If you proceed to ‘invest’ in the CFD from one of these ads the likelihood of getting funds back would be minimal.

CommBank Staff Impersonation Phish

18 August 2022 – CommBank staff impersonation phish

A recent trend has occurred where phishing emails are being sent with Commonwealth Bank branding and with signature of a CommBank employee advising customers that they will lose access to their mobile banking app soon. The email requests customers to click on a link to ‘renew’ their access or ‘re-register’ the device.

If you click on the link you will be requested to input your banking information which will then be used to access your genuine account. This is not a legitimate CommBank communication. DO NOT click on the link and simply delete it. To be safe, always navigate directly to your NetBank yourself and log on from the site you know to be genuine.

The Commonwealth Bank will not send emails of this nature with a link to reset or input your details.

CommBank Staff Impersonation Phish

10 August 2022 – Relationship scam alert – ‘Hi Mum/Dad’ scam

A recent trend has spiked where scammers are posing as a relative, usually daughter, son or cousin, of the victim. Contact is made with the victim by sending a message via Whatsapp, Facebook messenger or phone (from an unknown number).

The scammers will often say that they have broken their phone and are using a “new” number. They will then ask for some urgent assistance with some funds to pay for a bill or some other expense. Funds are requested via wire transfer or card transactions on most occasions.

CommBank urges you not to transfer any funds being requested for in these messages and instead call your relative on their ‘old’ number to confirm.
If you do proceed with the funds transfer the likelihood of getting these funds back would be minimal, if any.

11 July 2022 – Unexpected money scam alert: fake CBA letter asking for a fee before a large sum could be transferred

We have observed that the scammers have recently circulated a fake letter to customers asking for a ‘fee’ to be paid before a large sum of funds can be credited into the customer’s account. This letter is on an obviously fake CBA letterhead and is signed by a CBA employee.

This is not a genuine letter issued by CBA or by any of its employees. CBA urges you not to proceed with any funds transfer being requested for in these letters as the likelihood of getting these funds back would be minimal, if any.

Scam letter: "Financial Action Task Force. (FATF)"

10 July 2022 – Account security update

A large number of fraudulent SMS messages targeting CommBank customers are currently in circulation.

The messages prompt recipients to follow malicious links. The messages claim the recipient needs to take action to review settings or complete a security check to their CommBank accounts or online banking.

This is a common tactic used by attackers to create a false sense of urgency in order to make you do something you wouldn’t normally, such as providing your personal information or login credentials.

These are not genuine CommBank communications. Do not click the link or reply to the sender.

Security update scam examples

11 July 2022 – NetBank messages

Three CommBank-themed phishing SMS and emails related to usage of NetBank are targeting customers. They all include a link and create an urgency to follow it.

These are not legitimate CommBank communications. Do not click on the link or reply to the sender.

To be safe, always navigate directly to NetBank yourself and log on from the site you know to be genuine, rather than using any links in communications.

NetBank scam text messages

21 June 2022 – Suspended or Restricted account

A number of CommBank-themed phishing messages are currently in circulation.

The fraudulent messages prompt recipients to click on a malicious link within the message by informing them that their account or card has been suspended and details need to be updated or more information provided.

These are not a genuine CommBank communications. Do not click on the link or reply to the sender.

Scams: "Your CommBank account has been suspended"

20 June 2022 – Unusual and suspicious activity

A large number of fraudulent SMS messages targeting CommBank customers are currently in circulation.

The messages prompt recipients to follow malicious links. The messages claim the recipient needs to take action to put a stop to suspicious activity, renew details or unlock access to their CommBank accounts or cards.

This is a common tactic used by attackers to create a false sense of urgency in order to make you do something you wouldn’t normally, such as providing your personal information or login credentials.

These are not genuine CommBank communications. Do not click the link or reply to the sender.

CommBank alert scams

15 June 2022 – Unusual and suspicious activity

A number of fraudulent SMS messages targeting CommBank customers are currently in circulation.

The messages prompt recipients to follow malicious links. The messages claim the recipient needs to take action to put a stop to suspicious activity or investigate further.

This is a common tactic used by attackers to create a false sense of urgency in order to make you do something you wouldn’t normally, such as providing your personal information or login credentials.

These are not genuine CommBank communications. Do not click the link or reply to the sender.

Scam: "Payment not received"

23 March 2022 - CommBank themed SMS phishing

We have seen a spate of CommBank-themed SMS phishing (smishing) targeting customers.

The SMS phishing varies in subject and includes telling people their accounts have been “placed under review”, or “new payees have been added,” or a CommBank account “has been registered on a new device”.

All are designed to trick people into clicking a link and then providing their login credentials.

These are not genuine CommBank emails. Do not click the link or engage with the message.

If you have made a mistake and already done so, please message us in the CommBank app, or visit us in a branch.

CommBank alert scams

18 March 2022 - Your account is temporarily suspended

A number of CommBank-themed phishing emails and SMS are currently in circulation.

These fraudulent communications inform recipients that their NetBank has been, or will be, stopped or restricted if they fail to login by clicking on a malicious link within the email and updating their details.

This is not a genuine CommBank communication. Do not click the link or reply to the sender.

Scam page examples: Account suspension

2 March 2022 – Your Netbank is temporarily locked

A CommBank-themed phishing email is currently targeting customers.

The fraudulent message prompts recipients to click on a malicious link within the email in order to restore your Netbank access.

This is not a legitimate CommBank communication. Do not click on the link or reply to the sender.

Scam: "your NetBank is temporarily locked. We noticed an attempt to sign in to your account from unrecognized device..."

23 February 2022 – Investment scam alert: fake articles on CBA’s move to Crypto trading on Commbank App

Scammers have recently published links on different social media sites/apps to fake articles exploiting CBA’s recently published move to integrate our Crypto trading platform into the Commbank app. Scammers are using these articles to lure people into completing an ‘Expression of Interest’ form consisting of a few multiple choice questions. Once completed, the scammers are asking individuals to register themselves using their Name, Email ID and Phone number. This is then followed by an email/phone call to the individual in an attempt to convince them into transferring funds and start earning by investing in Crypto.

The links contained in the articles take you to a fake, non-CBA domain to complete the ‘Expression of Interest’ and register. Furthermore, these scams often require urgent payments to be made to random third party accounts.

CommBank urges you to please pause, reflect and review carefully before proceeding when considering any investment opportunity. You can validate the authenticity of any investment product offered by CommBank by contacting us directly through our official phone numbers, a full list of which is provided on our Contact Us page. You can also review our investment scams information to learn more about recognising these scams.

Scam page examples: CommBank Crypto

10 February 2022 – Your service will be postponed

A CommBank-themed phishing email is currently targeting customers.

The fraudulent message prompts recipients to click on a malicious link within the email in order to restore your Netbank access.

This is not a legitimate CommBank communication. Do not click on the link or reply to the sender.

Scam message: "Dear user, due to unknown problem we lost connection between you raccount details and our server, we can't recognize your information anymore...."

10 February 2022 – Add your card to Apple Pay

A CommBank-themed SMS phish is currently targeting customers.

The fraudulent message prompts recipients to click on a malicious link within the SMS, in order to prevent their card being added to Apple Pay.

These are not legitimate CommBank communications. Do not click on the link or reply to the sender.

Scam: "From CommBank: 309569 is your NetCode to add your card to Apple Pay. ...."

1 February 2022 – Your service will be postponed

A CommBank-themed SMS phish is currently targeting customers.

The fraudulent message prompts recipients to click on a malicious link within the SMS in order to restore your Netbank access or message us in the CommBank app.

These are not legitimate CommBank communications. Do not click on the link or reply to the sender.

Scam: "CommBank Notice - Some of your remittances may violate our AML/KYC policy. Fill in this application to avert service postponement: https://is.gd/vlh7v"

1 February 2022 – Your NetBank will stop working

A number of CommBank-themed phishing emails and SMS are currently in circulation.

These fraudulent communications inform recipients that their NetBank will be stopped or restricted if they fail to login, or complete other actions such as verifying details or recording “touch behaviour”, by clicking on a malicious link within the email and entering their credentials or completing a verification process.

This is not a genuine CommBank communication. Do not click the link or reply to the sender.

Scam: "CommBank Alert! Check your account because is under review"

Scam: "We are enforcing new security measures for all our online banking service, in order to better ensure the safety of your online banking experience...."

20 December 2021 – Your account has been locked

A CommBank-themed SMS phish is currently targeting customers.

The fraudulent message prompts recipients to click on a malicious link within the SMS in order to restore your Netbank access or message us in the CommBank app.

These are not legitimate CommBank communications. Do not click on the link or reply to the sender.

7 December 2021 – Your NetBank will stop working

A CommBank-themed phishing email is currently in circulation.

This fraudulent email informs recipients that their NetBank will stop if they fail to login by clicking on a malicious link within the email and entering their credentials.

This is not a genuine CommBank communication. Do not click the link or reply to the sender.

03 December 2021 – Unusual and suspicious activity

A large number of fraudulent SMS messages targeting CommBank customers are currently in circulation.

The messages prompt recipients to follow malicious links. The messages claim the recipient needs to take action to put a stop to suspicious activity or unlock access to their CommBank accounts or cards.

This is a common tactic used by attackers to create a false sense of urgency in order to make you do something you wouldn’t normally, such as providing your personal information or login credentials.

These are not genuine CommBank communications. Do not click the link or reply to the sender.

30 November 2021 – Your statement is ready to view

A CommBank-themed phishing email targeting customers is currently in circulation.

This fraudulent email informs recipients that a statement has been issued, prompting them to click a malicious link and enter their credentials to view.

This is not a genuine CommBank communication. Do not click the link or reply to the sender.

Any time you need to access NetBank, please use a method already known to get to the authentic site, rather than a link in a message or email.

25 November 2021 – Investment scam alert: fake CommBank Bonds

Scammers are currently offering fake Bonds purporting to be issued by various reputable and well-known companies in Australia. We have identified a variation of this scam where fake Fixed Income/Fixed Rate Bonds allegedly issued by the Commonwealth Bank of Australia are being offered.

The emails promoting this scam originate from fake domains such as @cba-invest.com instead of the legitimate CommBank domain (@cba.com.au). Furthermore, these scams often require payments to be made to non-CommBank accounts.

CommBank urges you to please pause, reflect and review carefully before proceeding when considering any investment opportunity. You can validate the authenticity of any investment product offered by CommBank by contacting us directly through our official phone numbers, a full list of which is provided on our Contact Us page. You can also review our investment scams information to learn more about recognising these scams.

26 September 2021 – An attempt to sign in to your account

We have noticed reports of the re-emergence of a campaign similar to one earlier reported in July. A fake email purporting to be from CommBank prompts recipients to click on a malicious link after telling them an unrecognised device has attempted to sign into their account.

This is not a legitimate communication. Do not click the link, reply to the email, or provide any details.

23 August 2021 – Confirm details

A CommBank-themed SMS phish is currently targeting customers.

The fraudulent message prompts recipients to click on a malicious link within the SMS in order to update their personal details.

These are not legitimate CommBank communications. Do not click on the link or reply to the sender.

To be safe, always navigate directly to NetBank yourself and log on from the site you know to be genuine, rather than using any links in communications.

23 August 2021 – Unusual and suspicious activity

A large number of fraudulent SMS messages targeting CommBank customers are currently in circulation.

The messages prompt recipients to follow malicious links. The messages claim the recipient needs to take action to put a stop to suspicious activity or unlock access to their CommBank accounts or cards.

This is a common tactic used by attackers to create a false sense of urgency in order to make you do something you wouldn’t normally, such as providing your personal information or login credentials.

These are not genuine CommBank communications. Do not click the link or reply to the sender.

23 August 2021 – Restricted access to services

A CommBank-themed SMS phish is currently targeting customers.

The fraudulent message prompts recipients to click on malicious links within the SMS on the basis that their access to NetBank, bank accounts, or bank cards is or will be restricted until further information is provided or actions taken.

These are not legitimate CommBank communications. Do not click on the link or reply to the sender.

To be safe, always navigate directly to NetBank yourself and log on from the site you know to be genuine, rather than using any links in communications.

19 August 2021 – Restricted access to services

Two CommBank-themed SMS phishing messages are currently targeting customers.

The fraudulent messages prompt recipients to click on malicious links within the SMS on the basis that their access to NetBank is or will be restricted until further information is provided or actions taken.

These are not legitimate CommBank communications. Do not click on the link or reply to the sender.

To be safe, always navigate directly to NetBank yourself and log on from the site you know to be genuine, rather than using any links in communications.

19 August 2021 – New payee

A CommBank-themed SMS phish campaign is currently targeting customers.

The fraudulent messages prompt recipients to click on malicious links within the SMS on the basis that they had not setup the new payee.

These are not legitimate CommBank communications. Do not click on the link or reply to the sender.

To be safe, always navigate directly to NetBank yourself and log on from the site you know to be genuine, rather than using any links in communications.

16 August 2021 – FluBot Messages

We are aware of text messages circulating which contain a link to malicious software. Current versions of this message advise of a missed call and include a link to allow you to listen to a voicemail.

If you click on this link, it may try and install software that will compromise your device, including user details and passwords; and/or allow unauthorised access to your accounts.

If you have clicked any suspicious links, or notice any unusual activity on your online banking, please message us in the CommBank app, or find your nearest branch https://www.commbank.com.au/digital/locate-us/

See examples:

3 August 2021 – Your CommBank is temporarily locked

CommBank customers are being targeted with a phishing email with the subject line “Your CommBank is temporarily locked”. The email looks as though it comes from the CommBank address customeradvocate@cba.com.au and asks the customer to verify account details in order to restore access. This is not a genuine CommBank communication. Do not click the link and remember to always navigate to the site you know to be the legitimate NetBank login page before entering any details. 

28 July 2021 – Restricted access to services

Three CommBank-themed SMS phishes are currently targeting customers.

The fraudulent messages prompt recipients to click on malicious links within the SMS on the basis that their access to NetBank, bank accounts, or bank cards is or will be restricted until further information is provided or actions taken.

These are not legitimate CommBank communications. Do not click on the link or reply to the sender.

To be safe, always navigate directly to NetBank yourself and log on from the site you know to be genuine, rather than using any links in communications. For more details about our KYC processes, visit commbank.com.au/KYCcollect.

28 July 2021 – Suspended debit card

A CommBank-themed phishing SMS is currently in circulation.

The fraudulent message prompts recipients to click on a malicious link within the SMS by informing them that their debit or credit card has been suspended and details need to be updated.

This is not a genuine CommBank communication. Do not click on the link or reply to the sender.

28 July 2021 – Account is marked as insecure

A CommBank-themed phishing SMS is currently in circulation.

The fraudulent message prompts recipients to click on a malicious link within the SMS by informing them that their account is marked as insecure and NetCodes must be returned to confirm safety.

This is not a genuine CommBank communication. You should never share NetCodes. Do not click on the link or reply to the sender.

July 22 2021 – Your document is ready to view

A CommBank-themed phishing email is currently in circulation.

This fraudulent email informs recipients that a document has been received, prompting users to log on and view the document by clicking on a malicious link within the email and entering their credentials.

This is not a genuine CommBank communication. Do not click the link or reply to the sender.

Scam: "Your document is ready to view"

July 22 2021 – Unusual and suspicious activity SMS phishes

A large number of fraudulent SMS messages targeting CommBank customers are currently in circulation.

The messages prompt recipients to follow malicious links. The messages claim the recipient needs to take action to put a stop to suspicious activity or unlock access to their CommBank accounts or cards.

This is a common tactic used by attackers to create a false sense of urgency in order to make you do something you wouldn’t normally, such as providing your personal information or login credentials.

These are not genuine CommBank communications. Do not click the link or reply to the sender.

Scam SMS examples

6 July 2021 – Attempt to sign in to your account

A CommBank-themed phishing email is currently in circulation. The email prompts recipients to click on a malicious link within the message by informing them that an unrecognised device has attempted to sign into their account and that account access has been disabled pending verification.

The phishing email appears to come from customeradvocate@cba.com.au. In this situation a legitimate CommBank email address has been "spoofed", which means the sender address has been forged to mislead you as to the email's origin. The communication itself is a phish. Do not click on the email or respond to the sender.

Scam SMS: "We noticed an attempt to sign into your account"

1 July 2021 – Online access restricted

A phishing SMS targeting CommBank customers is in circulation.

The message informs recipients that online access is restricted and prompts users to follow a malicious link within the SMS. The malicious link contains the words “commbank” and “netbank” in order to trick the recipient. However, this is not a genuine CommBank communication.
Do not click the link, or reply to the sender.

Scam SMS: "Your online access is restricted."

1 July 2021 – Insecure activity

Three CommBank-themed phishing SMS related to security are targeting customers.

The fraudulent messages prompt recipients to click on malicious links within the SMS and share Netcodes on the basis that insecure activity is occurring. This is a social engineering tactic to create a false sense of fear and trick you into doing something you wouldn't normally do. You should never share Netcodes. Please do not click the links or reply to these messages. 

Scam SMS examples. Do not click on any links in text messages.

June 22 – Security alert

There is a CommBank-themed phishing email in circulation with the subject line ‘Security Alert’.

The phishing email purports to come from “Commonwealth support” and informs the recipient that their account is missing important security information. The fraudulent message prompts recipients to follow a link to update their information within 24 hours to avoid their account being locked.

If you receive this email, do not reply to sender, click any link within the email, or provide any information.

Screenshot of 'Security Alert' phishing message

21 June 2021 – Online access restricted

A number of customers have reported receiving a fraudulent SMS that claims their NetBank access has been restricted. The message prompts the recipient to follow a malicious link within the SMS in order to restore access. This is not a genuine CommBank communication. Do not click on the link or reply to the sender.

Screenshot of restricted online access phishing message

21 June 2021 – Fake CBA communication

Customers have reported receiving a phishing email purporting to come from CommBank, with the subject line “You have received a new document”.

The fraudulent email informs the recipient that a new document is ready for review and can be seen by following a malicious link within the email to log on.

Do not click on links within the email, or reply to the sender. To be safe, always navigate directly to NetBank yourself and log on from the site you know to be genuine, rather than using any links in communications.

Screenshot of fake CBA communications

21 June 2021 – NetBank payment

A fraudulent SMS is in circulation targeting CommBank customers. It informs the recipient that a payment has been made to a new biller, which can be cancelled by following a malicious link. This is not a genuine CommBank communication. Do not click the link or respond to the sender.

Screenshot of NetBank payment phishing message

4 June 2021 – NetBank locked

A CommBank-themed phishing SMS is currently in circulation.

The fraudulent message informs recipients that their NetBank has been locked, prompting them to click a malicious link within the message to restore access.

This is not a genuine CommBank communication. Please do not click the link or respond to the sender.

Screenshot of NetBank locked phishing message

3 June 2021 – Password failures

A phishing email is currently targeting CommBank customers.

This email informs recipients that there have been multiple login attempts on their account with the wrong password entered. This message attempts to create a false sense of urgency by suggesting that their account will be suspended indefinitely unless the recipient updates their account information by following the link provided.

This is not a genuine CommBank communication. Please do not click the link or respond to the sender.

3 June 2021 – NetBank alert

A CommBank-themed phishing SMS is currently in circulation.

The fraudulent SMS alerts the recipient that all online banking access has been locked, prompting users to click on a malicious link in the SMS to verify their identity.

This is not a genuine CommBank communication. Please do not click the link or respond to the sender.

3 June 2021 – Suspicious activity

Multiple CommBank-themed phishing SMS are currently in circulation.

The fraudulent messages alert recipients to suspicious activities regarding their banking, such as new NetBank payees and Apple Pay activity, and prompts the recipient to click on a malicious link in the SMS to verify the activity.

These are not genuine CommBank communications. Please do not click the link or respond to the sender.

23 April 2021 – Update account

A coronavirus-themed phishing email is currently targeting CommBank customers. This email informs recipients that they must update their personal details in order to use their NetBank account, due to the 'COVID-19 virus'. This phishing message also attempts to create a false sense of urgency, by suggesting that the link provided is only valid for one day.

This is not a genuine CommBank communication. Please do not click the link or respond to the sender.

29 March 2021 – New Payee

New variations of a CommBank-themed phishing SMS are in circulation.

The SMS alerts the customer that a new payee was created, prompting users to click on a malicious link in the SMS to cancel the payee.

This is not a genuine CommBank communication. Please do not click the link or respond to the sender.

Screenshot of new payee smish

29 March 2021 – NetBank access blocked

Some CommBank customers have received phishing SMS messages that claim NetBank access has been blocked. Message recipients are prompted to click on a malicious link in the SMS to restore account access.

These are not genuine CommBank communications. Please do not click on a link or reply to the sender.

Screenshot of NetBank blocked smish

18 February 2021 - New Payee

Variations of a CommBank-themed phishing SMS are currently in circulation.

The SMS alerts the customer that there has been a new payee created or payment processed in NetBank, prompting users to click on the link in the SMS to cancel the payee or payment.

This is not a genuine CommBank communication. Please do not click the link or respond to the sender.

New payee SMS scam

25 January 2021 – Unusual account PayID activity

Some customers have received hoax CommBank-themed SMS messages related to payees and PayID. 

The messages claim that unusual account activity such as a new linked PayID or a payment made to a new payee has taken place, and prompt the recipient to click on the link if they did not initiate the activity. 

These are not genuine CommBank communications. Please do not click on a link or reply to the sender.

25 January 2021 – Netbank account locked, suspended or restricted

Variations of a number of CommBank-themed phishing SMS messages are in circulation. 

The messages claim that access to online banking services such as NetBank have been locked, suspended or restricted for security reasons. Message recipients are then prompted to click on a malicious link in the SMS to restore account access.

These are not genuine CommBank communications. Please do not click on a link or reply to the sender.