Security alerts

Malicious Web Pages and Pop Ups

The Commonwealth Bank advises that there has been an increase in malicious software attacks which generates unauthorised CommBiz web pages and pop-up messages. These web pages and window pop-ups appear to be Commonwealth Bank authenticated however they are generated by malicious software downloaded onto your computer.

CommBiz will never use pop-up windows asking for your personal details including your user name, password, token password or account details. Pop-up windows requesting personal details could be a result of malicious software on your computer.

The following are actions you should take if you suspect you have received a suspicious windows pop-up, or any other like messages:

• Take a screenshot of the pop-up and forward the screenshot as an email attachment to hoax@cba.com.au. Never provide the details requested within the window pop-up or access unfamiliar hyperlinks.
• Complete a full security scan of your computer (to check for computer viruses, trojans and spyware)
• If you have provided any details within the pop-up or accessed unfamiliar hyperlinks, please call 13 2339 immediately

The Bank has processes in place that assist in detecting hoax pop-ups and other malicious attacks. The Bank works very closely with the authorities when such threats have been identified in an effort to have them shut down as soon as possible.

The following is an example of what has been recently detected. As already noted, even though the messages contain Commonwealth Bank branding, and would have appeared to have been developed by the Commonwealth Bank, they are not affiliated in any way with the Commonwealth Bank, or associated entity.

Latest hoax emails

The Commonwealth Bank advises that the following hoax emails are in circulation. Although they might appear genuine, they are fraudulent and have not been issued by the Commonwealth Bank.

The Commonwealth Bank does not send emails requesting you to confirm, update or disclose your confidential banking information.

The following are actions you should take if you suspect you have received one of the hoax emails below, or any other like message:

• Forward the email as an attachment to hoax@cba.com.au. Then delete the email immediately from your inbox and the deleted items folder. Never click on the link or provide any of the information requested.
• If you have clicked on the link within the email, complete a full security scan of your computer (to check for computer viruses, trojans and spyware)
• If you have responded to any email by providing your confidential information, please call 13 2339 immediately

The Bank has processes in place that assist in detecting hoax and phishing email websites and distribution networks. The Bank works very closely with the authorities when such emails or networks have been identified in an effort to have them shut down as soon as possible.

The following are a few examples of what has been recently detected. As already noted, even though the messages contain Commonwealth Bank branding, and would have appeared to have been sent by the Commonwealth Bank, they are not affiliated in any way with the Commonwealth Bank, or associated entity.

Example 1:
-----Original Message-----
From: Commonwealth Online Banking
Sent: Sun, 22 Jun 2008 1:14 am
Subject: Commonwealth Online Banking
 

Dear Customer,

During our regularly scheduled account maintenance and verification procedures, we have detected a slight error in your billing information. This might be due to either of the following reasons:

1. A recent change in your personal information (i.e. change of address, e-mail address).
2. An inability to accurately verify your selected option of payment due to an internal error within our processors.

Please update and verify your information by checking the link below:
 

https://commbank.com.au/online/LoginUpdate

We are requesting this information to verify and protect your identity. This is in order to prevent the use of the Australian banking system in illegal activity.

Please do not "Reply" to this Alert.

At Commonwealth Bank we are always ready to help you. Whether you need account assistance, product information or answers to financial questions we are here for you. Send us an email, call or write us. You may also try our online help files.

• Important information
  As this advice has been prepared without considering your objectives, financial situation or needs, you should, before acting on this advice, consider its appropriateness to your circumstances. Terms and Conditions issued by Commonwealth Bank of Australia for CommBiz are available on request. If you have a complaint, the Bank's dispute resolution process can be accessed on 13 2221.

 

Example 2:
----Original Message-----
From: AdminSC
Sent: Wed, 24 Mar 2010 7:33 am
Subject: Commonwealth Online Security Update

Dear Customer,

We have identified that some transactions (eg an ATM or branch withdrawal) are not displaying on some accounts such as Streamline or Debit MasterCard. This is currently being investigated as a high priority. This is done for your protection because some of our customers no longer have access to their email address.

To sustain our quality services and secure usage of our online banking system, we require you to verify and confirm your your permanent email address by following the reference given below:

Click Here To Verify Your Email Address

Email verification must be performed within seven days from receiving this email. However, failure to comply will result in temporary account suspension and limited account activity until an account specialist can contact you regarding this error. This can be avoided simply by following our online verification link above.

We apologize for any inconvenience.

Yours sincerely

Bryan Fitzgerald
General Manager, Media