Phishing / Hoax Emails
‘Phishing’ emails are used by criminal groups to trick users into revealing personal details such as banking information and passwords. This information is then used for malicious purposes such as creating transfers or accessing sensitive information about the account holder. These emails will look like they have come from the Bank and will usually include brand logos as well as a suspicious link or attachment. Never click on a link or email attachment that looks suspicious.
CommBiz will not send you emails requesting you to verify or disclose your online banking credentials or confidential banking information. We recommend that you:
- Treat unsolicited emails with care and verbally confirm details where possible
- Send a copy of the suspicious email to firstname.lastname@example.org (include the email as an attachment if possible and try to avoid using the ‘forward’ feature, if possible)
- Delete all copies of the email once you have provided it to the Bank
If you have accessed a link or file attachment from an unsolicited email please contact the helpdesk on 13 29 39 immediately.
Keeping your Credentials safe
The Commonwealth Bank will not contact you via email or telephone asking you to provide login passwords or token one-time passwords.
If you receive any suspicious emails or phone calls requesting you to supply or verify personal information of this nature please record the caller ID, time of call and any information relating to the call contents and forward onto email@example.com or contact the helpdesk on 13 23 39.
Be wary of fraudulent emails coming from individuals acting as your suppliers or colleagues advising you to make a payment or change to beneficiaries in your address book. These occur commonly with international payments. For example, your supplier’s email could be compromised, allowing a fraudster to email you requesting a payment to a different account.
We recommend that you:
- Always check new beneficiary details in phone or in person prior to making any payment or amending your address book
- Call 13 23 39 immediately if you believe you have received a suspicious email
Malicious Web Pages, Pop-ups and Scams
Some phishing scams can generate fake banking web pages and pop-up messages. These web pages and window pop-ups may appear to be real, however they will usually request additional personal information, or ask the user to provide information “as part of a survey” which is then forwarded to a malicious 3rd party. To identify if a webpage is legitimate you need to be aware of the URL (web address) and ensure it is correct. For example a URL of xbjfkh.com/images/commbiz/com.au/login.html showing what appears to be the CommBiz home page is not the genuine CommBiz home page.
CommBiz will never use pop-up windows asking for your personal details including your user name, password, token password or account details.
If you notice a suspicious website or pop-up, ensure that you
- Never provide details requested in pop-up
- Take a screenshot and send it to firstname.lastname@example.org
- If you have provided any details within the pop-up or accessed unfamiliar hyperlinks, please call 13 23 39 immediately
Saving your password
Some recent browser updates mean that you may now be prompted to save your CommBiz password when logging on to CommBiz service. We strongly recommend that you never store your CommBiz Passwords to your browser when logging onto CommBiz. This is of particular importance when using a public or shared computer as someone else could access your personal information without your knowledge. If you have already saved your password to your browser and would like to clear it please follow the relevant instructions below.
Please note the below links will take you to external websites.