Phishing emails are bogus emails created by fraudsters. The aim of these emails is to trick you into clicking on links to fake websites, opening malicious attachments or revealing personal or company information.

Signs of a phishing email include:

  • They may not address you by your name
  • Misspellings and inconsistent graphics/images are common
  • They may ask for sensitive information
  • Creating a sense of urgency - scammers may try to test your better judgment by stating that something needs your immediate attention
  • Sender address - does it look unfamiliar or peculiar?
  • They may contain unfamiliar or unexpected attachments - don't open them as they may contain malicious software.

Phishing email example: "Hi Todd, Congratulations! You've won $1000! Please send us your address or bank details so we can send you your cash!!"

Other examples of phishing emails can be found on ScamWatch.

You and your staff should be particularly vigilant about a form of wire fraud known as 'business email compromise' scams. This is a particular type of email fraud targeting businesses, in which fraudsters pose as senior executives, either by compromising a senior executive's real email account or by setting up a fake one, and send emails instructing a staff member to transfer money or make a payment. Often, these emails will be targeted particularly at staff who have the authority to perform the transaction.

It's important to have strict processes in place for payments, such as multiple approval steps, and to educate your staff to suspect email requests that appear out of the ordinary. It's often advisable for staff to verify the legitimacy of an email request by contacting the sender using another channel, such as phone.

The Commonwealth Bank may at times email customers with important updates, but we'll never send emails asking customers to confirm, update or disclose personal or banking information. Most financial institutions follow the same practice.

If you receive an email that looks like it's from Commonwealth Bank that you believe may be a hoax, please forward it as an attachment to

It's important you never click on links or attachments in an email you think is a hoax. If you did click on a link and you are worried, use your security antivirus/anti-malware software to run a scan of your computer or device.

Examples of hoaxes and scams

Using your staff email address to sign up for a broad range of online services - particularly consumer services that are not sufficiently secured for business use - increases the possibility of the email account being compromised or used in phishing attacks.

It's important to restrict use of business email accounts to business-related purposes.

  • Be alert to scams and phishing emails
  • Don't reply to unsolicited requests for personal or financial information
  • Avoid holding both your business and personal emails in one account
  • If you didn't expect it, suspect it.