Beware of scams

Remember, if it sounds too good to be true, it probably is.

Need more help? Review the information on scams provided by the ACCC at


Take some time to think about whether the request for payment is genuine.

Remember: a genuine company or government department will never pressure you to make a payment.


Google the person or company you’re about to pay and look for any reviews or experiences that others may have had.


Talk to someone you trust and get their opinion.

If the payment is part of a scam, there’s very little chance you’ll get the money back.

Common types of scams 

Protecting yourself from SMS & email scams

  • What to look for

    We will never send you an email or SMS asking for banking information like your NetBank Client ID, password, or NetCode; or include a link to login directly from the email or SMS. Always type into a browser or use the CommBank app to securely access your banking.

    You can reduce your risk of being scammed by paying close attention to messages or emails that:

    • Aren't quite right. Scammers may use similar email addresses (e.g. and copy the look and feel of official messages to trick you into thinking a message is legitimate
    • Have spelling mistakes and incorrect grammar
    • Include an urgent call to action, such as asking you to unlock or verify an account, or log on and pay a traffic infringement notice. They might also contain malicious software (also known as malware) designed to infect your machine and steal data over time
  • How to check if a message is legitimate

    • When contacted by an unsolicited third party, it's better to be over-cautious. Contact the organisation directly using a phone number from their website (not the email or message) before you reply
    • Hover your mouse over a link to see the destination URL (web address), before clicking it. On a smartphone you can press and hold a link to inspect it. Carefully read these URLs, as they’re often created to look similar to legitimate addresses
    • Be suspicious of any correspondence received from overseas, especially if you're being asked to forward money or you're told you've won a prize
    • Never open an attachment you weren’t expecting, especially when it’s attached to a suspicious message

Received a suspicious message? 

  • Stop before you click

    If you haven't engaged with its contents, such as clicking a link or replying to it, report it to CommBank's 24/7 Cyber Security Centre by forwarding to, then delete the message.

    If you have engaged with its contents, you may still be able to stop scammers in their tracks. Here's what to do:

    • If you provided your NetBank password, change it via NetBank or the CommBank app
    • If you shared your card details, you'll need a new card. Lock your old card and request a new one via NetBank or the CommBank app
    • If you've clicked a link or opened an attachment from the scam or hoax message or if you were accessing NetBank at the same time you received and acted on the suspicious message, close your browser, empty your browser cache and clear your browser history. Then perform a virus scan on your computer using anti-virus software. If you’re on a mobile device, make sure you have updated your operating system, are running the latest version of the CommBank app and run an anti-virus scan if one is available on your device

    If you're worried or you’ve noticed a suspicious transaction, please contact us straight away.

Staying safe online

Whether your online habits involve shopping, banking or using social media, make sure you're doing so safely. We've created a short video outlining the simple ways you can protect yourself online, including tips for avoiding common scams.

We also have a CommBank online security specialist sharing some tips via a webinar series to help you feel confident with online safety and security. Learn more.

An extra layer of security

  • We offer an extra level of security with NetCode, a free service available to all NetBank customers. It's important to:

    • Ensure you're registered for NetCode 
    • Read all NetCode messages carefully. Only enter a NetCode if you'd like to authorise the activity outlined in the message 
    • Never provide anyone a NetCode

    We work closely with law enforcement and other authorities to shut down fake or malicious websites as quickly as possible. We also support the Australasian Consumer Fraud Taskforce in the promotion of ScamWatch, a website dedicated to the prevention of scams. 

    Find out more about protecting your online security from the Australian Cyber Security Centre.

    Visit to access a free online course that teaches you how to perform common banking tasks securely from home.

Important information

  • As the advice on this website has been prepared without considering your objectives, financial situation or needs, you should, before acting on the advice, consider its appropriateness to your circumstances. View our Financial Services Guide. Terms and Conditions for these products and services are available online or from any branch of the Commonwealth Bank. The Terms and Conditions should be considered before making any decision about these products.