Scammers are targeting Commonwealth Bank (CBA) customers using convincing fraudulent emails and SMS messages designed to steal personal information, which includes financial details and sensitive personal data such as names, addresses, and passwords.
To prevent CBA customers from getting scammed, we're going to take a look at what is in these phishing scams and what to do if a fraudulent email or SMS is spotted.
If you need support or just someone to talk to, our Sonder support team is available 24/7 to chat whenever you need it.
What kind of CBA phishing emails do I need to be wary of?
These fake emails target unsuspecting CBA customers by warning them that their banking account access will be restricted unless they verify their personal details within the next 48 hours.
The email is a pretty convincing recreation of a real CBA email due to the use of legitimate-looking CBA imagery and language. There are instructions on what to do and a 'Click here to Verify' button that'll take customers to a fake phishing website designed to steal personal information.
While the CBA phishing email is pretty convincing, there are a number of signs that reveal it to be a fake:
The email address used is not a proper CBA address and is instead a bunch of nonsense.
The imagery used is usually low resolution and off-centre.
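The signs above can also be checked mechanically before a message reaches an inbox. The following is an added example, not part of the original article or anything published by CBA: the `TRUSTED_DOMAINS` list is an assumption to be confirmed against the bank's own published domains, the function names are hypothetical, and both sample messages are constructed.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumption: domains treated as genuine; confirm against the bank's own list.
TRUSTED_DOMAINS = ("commbank.com.au", "cba.com.au")

# Constructed sample modelled on the email described above.
PHISH = """\
From: "Commonwealth Bank" <qx7r2-k9@mail-zzkq.example>
Subject: Action required
Content-Type: text/plain

Your account access will be restricted unless you verify your personal
details within the next 48 hours.
Click here to Verify: http://commbank.com.au.verify-login.example/confirm
"""

# Constructed sample of a message with none of the signs.
GENUINE_STYLE = """\
From: CommBank <noreply@commbank.com.au>
Subject: Your statement is ready

Your statement is ready. Open the CommBank app to view it.
"""

def is_trusted(host):
    """True only for a trusted domain or a subdomain of one."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)

def triage(raw_email):
    """Return the list of warning signs found in one raw email."""
    msg = message_from_string(raw_email)
    body = "\n".join(p.get_payload(decode=True).decode(errors="replace")
                     for p in msg.walk() if p.get_content_maintype() == "text")
    findings = []
    # Sign 1: the sender address is not a proper CBA address.
    _, addr = parseaddr(msg.get("From", ""))
    if not is_trusted(addr.rpartition("@")[2]):
        findings.append("sender-domain-not-cba")
    # Sign 2: the 'verify' link leads to a host that is not CBA's, including
    # lookalikes that merely start with the bank's domain.
    urls = re.findall(r"https?://[^\s\"'<>]+", body)
    if any(not is_trusted(urlparse(u).hostname) for u in urls):
        findings.append("link-to-non-cba-host")
    # Sign 3: threat of restricted access tied to a short deadline.
    if (re.search(r"\bwithin\s+(the\s+next\s+)?\d+\s+hours\b", body, re.I)
            and re.search(r"\b(restrict|suspend)", body, re.I)):
        findings.append("deadline-threat")
    return findings
```

The sender check only catches the mismatched address the article describes; a message that forges a genuine-looking From address has to be caught by the receiving mail server's SPF, DKIM and DMARC results instead.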
What kind of CBA SMS messages do I need to be wary of?
Similar to the CBA phishing emails, these phishing SMS messages impersonate CBA officials in an attempt to trick unsuspecting people into sharing their personal information.
These phishing SMS messages generally involve some fake transaction that failed and urge the recipient to call the number enclosed in order to 'resolve' the issue.
This number is a fake phone line set up by scammers and they will attempt to steal people's details by asking for their personal information over the phone in order to 'fix' the aforementioned fake transaction issue (that never happened).
What to do if you spot this scam
It's important to note that CBA will never send its customers an email or SMS asking for banking information like a NetBank Client ID, password, or NetCode, or include a link to log in directly from an email or SMS.
If you've received a phishing email or SMS of any kind, the first thing to do is avoid opening it and report it to email@example.com before deleting it directly from your inbox.
If you've accidentally clicked on a link in the phishing email or SMS, do not enter any information in the site you're directed to. If you've clicked on or saved a suspicious attachment, delete it immediately and run an anti-virus scan on your device.
If you've shared personal or financial details in response to the phishing email, you need to:
Contact CBA immediately to let them know what happened and ask what they can do to help.
Change the passwords for any online accounts that might be at risk. Make sure to enable two-factor authentication for an extra layer of security.
If you've shared personally sensitive information, such as your driver's licence, passport details, or contact details, visit IDCare for assistance on how to address potential identity theft.
File a report with the Australian Cyber Security Centre here.
If you are ever unsure whether an email, SMS or phone call is legitimately from CBA, always message them through the CommBank app or visit a branch in person.
If you have any questions or need extra support, we're here to help you anytime in any language. Simply start a chat with us via the home screen of the Sonder app to connect to our team of qualified, caring health professionals.
Information sourced from: The Leader, Commonwealth Bank #1, and Commonwealth Bank #2
Image credit: Commonwealth Bank via Facebook
All content is created and published for informational purposes only. It is not intended to be a substitute for professional advice. Always seek the guidance of a qualified health professional.