Stop before you click

It's important to remember that we'll never send you text messages or emails that ask you to confirm, update or disclose personal or banking information. Most financial organisations follow similar practices. 

Not sure whether a message is legitimate?

If you haven't engaged with its contents, such as clicking a link or replying to it, report it to CommBank's 24/7 Cyber Security Centre by forwarding to, then delete the message.

If you engaged with a scam or hoax message, you may still be able to stop scammers in their tracks. Here's what to do.

Did you provide personal details? 

  • If you provided your NetBank password, change it via NetBank or the CommBank app. Make your new password complex and unique – don’t use the same password you have used for any other service/website
  • If you shared your card details, you'll need a new card. Lock your old card and request a new one via NetBank or the CommBank app
  • If you've clicked a link or opened an attachment from the scam or hoax message or if you were accessing NetBank at the same time you received and acted on the suspicious message, close your browser, empty your browser cache and clear your browser history. Then perform a virus scan on your computer using anti-virus software. If you’re on a mobile device, make sure you have updated your operating system, are running the latest version of the CommBank app and run an anti-virus scan if one is available on your device

If you're worried or you’ve noticed a suspicious transaction, call us straight away on 13 2221.

Types of scams to be aware of 

There are a few different ways scammers might try to trick you into sharing your personal information:

  • Email scams, known as phishing: Emails designed to look like they're from a legitimate sender, such as the government or a financial institution. They'll often request you click on a link, provide personal info or download an attachment
  • SMS scams, known as SMiShing: Messages might include a link to direct you to a fraudulent website or ask you for personal information
  • Email compromise scams: Where you're advised that a payment which is due should be paid to different bank details from those previously advised
  • Remote access scams: Where scammers call you and attempt to obtain access to your accounts or device, pretending to be from a well-known company
  • Scams where a caller claims to be from the ATO, the police or another organisation and says you'll need to pay them to avoid arrest or prosecution. These scams often request payment by unusual methods such as gift cards or bitcoin
  • Investment scams: Where a money making opportunity is presented which seems too good to be true
  • Other scams, like inheritance scams, threat or penalty scams and romance scams 

SMS scam examples

Scam example: "IMPORTANT NetBank Security requires you to authorise your device immediately or your account will be locked."
Scam example: "Dear Customer, We need to validate your account, please follow the link or visit the nearest branch"
Scam example: "IMPORTANT MESSAGE FROM COMMBANK - Your NetBank access has been locked. We've had to lock your NetBank to help protect your security. To unlock hyour account please visit your nearest Commonwealth branch with photo ID or go to... "
Scam example: "We have detected some unusual activity in your account. Please login via ... to secure your account"

Protecting yourself

What to look for

You can reduce your risk of being scammed. Pay close attention to messages or emails that:

  • Aren't quite right. Scammers may use deceptively similar email addresses and mimic the look and feel of official messages to trick you into thinking a message is legitimate
  • Have spelling mistakes and incorrect grammar
  • Ask you to confirm, update or share personal or banking information (most emails from financial institutions don't do this)
  • Include an urgent call to action, such as asking you to unlock or verify an account, or log on and pay a traffic infringement notice. They might also contain malicious software (also known as malware) designed to infect your machine and steal data over time

Not sure if an email or message is legit? 

Here are some ways to check. 

  • When contacted by an unsolicited third party, it's better to be over-cautious. Contact the organisation directly using a phone number from their website (not the email or message) before you reply
  • Hover your mouse over a link to see the destination URL (web address), before clicking it. On a smartphone you can press and hold a link to inspect it. Carefully read these URLs, as they’re often created to look similar to legitimate addresses
  • Be suspicious of any correspondence received from overseas, especially if you're being asked to forward money or you're told you've won a prize
  • Never open an attachment you weren’t expecting, especially when it’s attached to a suspicious message

Keeping our customers safe

We offer an extra level of security with NetCode, a free service available to all NetBank customers. It's important to:

  • Ensure you're registered for NetCode 
  • Read all NetCode messages carefully. Only enter a NetCode if you'd like to authorise the activity outlined in the message 
  • Never provide anyone a NetCode

We work closely with law enforcement and other authorities to shut down fake or malicious websites as quickly as possible. We also support the Australasian Consumer Fraud Taskforce in the promotion of ScamWatch, a website dedicated to the prevention of scams. 

Find out more about protecting your online security at Stay Smart Online
