Is that really from CommBank?

    • Remember, we'll never send you an email or SMS asking for banking information like your NetBank Client ID, password, or NetCode; or include a link to login directly from an email or SMS
    • Stop before you click
    • If you're ever unsure whether an email or  message is legitimately from CommBank,  message us in the CommBank app, or visit us in a branch so we can assist you
    • If you get an unexpected call from CommBank you can use CallerCheck to ask us to send you a security message to your CommBank app to verify it’s us.
    • To be safe, always navigate directly to NetBank yourself and log on, rather than using any links in communications
    • Report suspicious emails or texts to hoax@cba.com.au then delete them straight after. Do not reply or engage with them

    Keeping your accounts safe is our priority. Find out more about how to recognise hoaxes and what to do if you see one

Latest scams pretending to be CommBank

  • The below emails and SMS messages, which have been reported, are not from CommBank and are not authorised by us. 

September 26: Fake CommBank support and identification emails

We have observed CommBank themed phishing emails targeting customers and asking them to activate their card or account, or to verify their identity.

Customers are directed to a webpage that asks them to provide their NetBank login, password, card and personal details such as phone number and address.

These are not legitimate CommBank notifications. Please do not engage with these emails. If you have accidentally input your details into a phishing site, please message us in the CommBank app or call 13 2221 or +61 2 9999 3283 from overseas. 

Example phishing emails

Social media scam example

6 September 2024 – CommBank phishing messages

We’re aware of a surge in fraudulent SMS messages designed to trick customers into clicking links or calling phone numbers prompting them to disclose sensitive information like:

  • credentials, such as Netbank IDs, CommBiz IDs, passwords and token codes; or,

  • personal identifiers, such as  ID details, addresses, phone numbers, date of birth, etc; or,

  • account details, such as account and/or card numbers

These messages may seem legitimate, and might even show up in the same thread as real messages from us. However, they are not from CommBank. We will never ask you for your details through a link in an email or SMS message.

Always check the best method to contact us by visiting commbank.com.au/support/contact-us.html and only access your banking from the CommBank app; or, CommSec, CommBiz and NetBank from a trusted location, never via a link in a message.

Be suspicious of any message that asks you for sensitive information, or to complete tasks like updating software, or giving remote access via email or text.

Scam: "apotentially high risk transaction has been detected"

1 August 2024 – Confirm your details

There are emails currently circulating that attempt to solicit personal information under the guise of updating your details.

These fraudulent emails prompt recipients to click on malicious links in the message and enter details into a webpage.

We will never ask you to click through a link on an email and enter personal details.

These are not legitimate CommBank communications. Do not click on the link or reply to the sender.

To be safe, always navigate directly to NetBank yourself and log on from the site you know to be genuine, rather than using any links in communications. For more details about our KYC processes, visit https://www.commbank.com.au/latest/know-your-customer.html

Scam: "Confirm your personal and/or business details"

17 July 2024 – Social media scams

We're aware of fake CommSec advertisements appearing on social media, particularly on Instagram, that attempt to deceive people into engaging with investment scams.

Fake social media accounts are posting about a “stock investing course” that will supposedly help people become successful investors. The scammers misuse the CommBank brand and logo to legitimise their scam.

CommBank urges you to be sceptical of any opportunity that seems too good to be true, even if the information appears on a paid advertisement on social media.

Always Stop, Check and Reject if you have any doubt. You can also review our investment scams information to learn more about recognising these scams.

Social media scam example

28 June 2024 – BPAY Request

We are aware there are messages in circulation impersonating CommBank that attempt to mislead customers into calling a phone number to dispute a transaction. This phone number is not genuine. 

If the number is called, the scammer attempts to convince the customer of their legitimacy by sending a follow up message pretending to be CallerCheck, that appears in the same message thread. The customer is then sent a link to a fraudulent login page which will steal their credentials and other personal information. 

CallerCheck is not an SMS based platform and notifications will only be sent via the CommBank app. 

These messages are not legitimate CommBank communications. We will never send you a hyperlink from which to login via SMS. 

If you are ever unsure as to a communication’s authenticity, please use one of the methods shown on Contact us - CommBank to verify.

24 June 2024 – Fake Term Deposit scams

We are aware of an increase in investment scams posing as legitimate Term Deposit offerings. These are promoted through fake Term Deposit comparison sites. Scammers are attempting to lure customers to transfer large sums of money into fraudulent accounts.

A customer will be asked to complete an application form for a fake bond or Term Deposit, provide their contact details and to transfer funds into a bank account.  Scammers will use this information to steal the person's identity and any money they may be able to obtain access to.

Scammers will do anything to prevent a customer from contacting the legitimate financial institution or receiving a login to access their Term Deposit online. CommBank urges potential investors to check the legitimacy of the investment product directly with the financial institution.

Things to look out for:

  • Unsolicited and unexpected contact – this could be via a phone call, email, SMS, or social media platform.
  • Big banks and ASX listed companies don’t often use external providers to issue on their behalf - always contact a financial institution directly to open an account. Avoid using a search engine to find their number or click on unauthentic ‘contact us’ links, instead use an official channel such as a banking app or official website.
  • Requests for funds to be transferred - always check the bank account details are legitimate and verify it directly with the financial institution before making any payment. You can use NameCheck to check for incorrect payment details.

Remember to Stop, Check, and Reject if you come across an investment opportunity, even if it appears genuine. If you’re ever unsure, please contact us.

If you’ve been impacted by this scam, please contact us immediately.

Australian investor scam example

19 June 2024 - Your account has been locked

There are a range of fraudulent messages currently in circulation that attempt to mislead customers into clicking on a link. The link leads to a series of webpages that will request details including NetBank IDs, passwords, PINs and token codes.

The premise of the messages is that the account has been locked pending verification of the requested details. These messages may appear alongside legitimate messages in the same thread.

These messages are not legitimate CommBank communications. We will never send you a hyperlink from which to login via SMS.

If you are ever unsure as to a communication’s authenticity, please use one of the methods shown on Contact us - CommBank to verify.

19 June 2024 - Fake security alert

We are aware of a number of SMS messages currently circulating that attempt to deceive customers into clicking on a link and providing credentials, such as NetBank IDs, passwords, PINs and token codes. These may appear in message threads alongside legitimate CommBank communications.

The messages direct recipients to click a link regarding suspicious activities that have been detected on their account. Upon entering their username and password, the recipient may also be asked for a NetCode, as verification. 

These messages are not legitimate CommBank communications. We will never send you a hyperlink from which to login via SMS.

If you are ever unsure as to a communication’s authenticity, utilise one of the methods shown on Contact us - CommBank to discuss.

19 June 2024 - “Unusual activity detected”

We are aware of SMS messages currently in circulation that attempt to convince customers to click on a link to review “unusual activity”. The destination site then requests the customer provide credentials, such as NetBank IDs, passwords, PINs and token codes. These messages may appear in threads alongside legitimate CommBank communications.

The scammers then use these details to register digital wallets or register new devices to the scam recipient’s account.

These messages are not legitimate CommBank communications. We will never send you a hyperlink from which to login via SMS.

Remember to Stop, Check and Reject and if you are ever unsure as to a communication’s authenticity, you can use one of the methods shown on Contact us - CommBank to verify.

18 June 2024 - Updated address details

We're aware of a campaign where scammers are impersonating CommBank advising that customers’ personal details have been updated in an attempt to deceive them into clicking on a link, or calling a number, and providing:

  • credentials, such as Netbank IDs, CommBiz IDs, passwords and token codes; or,

  • personal identifiers, such as  ID details, addresses, phone numbers, date of birth, etc; or,

  • account details, such as account and/or card numbers

While the messages may look legitimate, these are not from CommBank. We will not ask you for these details from a link in an email. Always check the best method to contact us by visiting commbank.com.au/support/contact-us.html and only access your banking from the CommBank app; or, CommBiz and NetBank from a trusted location, never via a link in a message.

Remember to Stop, Check, and Reject if you come across an email requesting you to click on a link and provide your personal information or banking credentials.

If you’re ever unsure, please contact us.

Scam: "Your home address has been successfully updated. We are pleased to inform you that your home address has successfully been updated, however..."

11 June 2024 – CommBank phishing messages

We're aware of a number and variety of email messages currently circulating that attempt to deceive customers into either clicking on a link, or calling a number, and providing:

  • credentials, such as Netbank IDs, CommBiz IDs, passwords and token codes; or,

  • personal identifiers, such as ID details, addresses, phone numbers, dates of birth; or,

  • account details, such as account and/or card numbers.

While the messages may look legitimate, including links that appear accurate but lead to a fraudulent location, these are not from CommBank. We will not ask you for these details from a link in an email or SMS.

Always check the best method to contact us by visiting commbank.com.au/support/contact-us.html and only access your banking from the CommBank app or, CommBiz and NetBank by navigating yourself to a trusted location, rather than via a link in a message.

Be suspicious of any message that asks you for sensitive information, or to complete tasks like updating software, or giving remote access via email or text.

31 May 2024 – CommBank phishing messages

We're aware of a large number and variety of SMS messages currently circulating that attempt to deceive customers into either clicking on a link, or calling a number, and providing:

  • credentials, such as Netbank IDs, CommBiz IDs, passwords and token codes; or,
  • personal identifiers, such as  ID details, addresses, phone numbers, date of birth, etc; or,
  • account details, such as account and/or card numbers

While the messages may look legitimate, or even appear to be arriving in the same conversation thread as legitimate messages, these are not from CommBank. We will not ask you for these details from a link in an email or SMS.

Always check the best method to contact us by visiting commbank.com.au/support/contact-us.html and only access your banking from the CommBank app; or, CommBiz and NetBank from a trusted location, never via a link in a message.

Be suspicious of any message that asks you for sensitive information, or to complete tasks like updating software, or giving remote access via email or text.

23 May 2024 - CommBank payment scam

We're aware of a number of emails and SMS messages currently circulating that attempt to deceive customers into clicking on a link and providing credentials, such as Netbank IDs, passwords and token codes.

The messages direct recipients to click a link regarding a recent transaction, and upon entering your username and password, will also request a Netcode, for identification. 

This is not a legitimate CommBank communication. Do not click any links or reply to the sender.

If you are ever unsure as to a communication’s authenticity, utilise one of the methods shown on Contact us - CommBank to discuss .

19 April 2024 – CommBank phishing messages

We're aware of a large number and variety of SMS messages currently circulating that attempt to deceive customers into either clicking on a link, or calling a number, and providing:

  • credentials, such as Netbank IDs, CommBiz IDs, passwords and token codes; or,
  • personal identifiers, such as  ID details, addresses, phone numbers, date of birth, etc; or,
  • account details, such as account and/or card numbers

While the messages may look legitimate, or even appear to be arriving in the same conversation thread as legitimate messages, these are not from CommBank. We will not ask you for these details from a link in an email or SMS.

Always check the best method to contact us by visiting commbank.com.au/support/contact-us.html and only access your banking from the CommBank app; or, CommBiz and NetBank from a trusted location, never via a link in a message.

Be suspicious of any message that asks you for sensitive information, or to complete tasks like updating software, or giving remote access via email or text.

5 April 2024 – Imposter bond investment scams

We’re aware of a new type of investment bond scam purporting to be supported by the Commonwealth Bank (CommBank). 
This scam claims the bond will provide unrealistic returns and guaranteed protection. 
In addition to naming a number of other entities, it names CommBank.

ASIC has also published an Imposter bond investment scams page to warn people of scams such as this. 

Remember to Stop, Check, and Reject if you come across an investment opportunity that appears too good to be true.
If you’re ever unsure, please contact us.

Investment scam: term deposit - Select Wealth Management

28 March 2024 – Investment scam alert: Crypto scammers targeting people via social media

Scammers are posting advertisements on social media, particularly on Facebook, Instagram, WhatsApp and YouTube.

Both fictitious and compromised social media accounts are posting that a “Crypto Broker” (with an introduction similar to the image) helped them make significant sums. A mix of screenshots is used displaying fake notifications, accounts and balances. The scammers misuse the CommBank brand, app and website to try and legitimise their scam.

CommBank urges you to be sceptical of any opportunity that seems too good to be true, even if the information allegedly comes from someone you know.

Always Stop, Check and Reject if you have any doubt. You can also review our investment scams information to learn more about recognising these scams.

Example of Facebook scam: "Let me share my little success on here. I have always had interest in Bitcoin mining trading, but I was scared..."
Example of Facebook scam: 'bitcoin entrepreneur": "Crypto & Forex Trading"

4 March 2024 - CommBank phishing emails and SMS

We're aware of a large number and variety of email and SMS messages currently circulating that attempt to deceive customers into providing:

  • credentials, such as Netbank IDs, CommBiz IDs, passwords and token codes; or,
  • personal identifiers, such as  ID details, addresses, phone numbers, date of birth, etc; or,
  • account details, such as account and/or card numbers

While the messages may look legitimate, or even appear to be arriving in the same conversation thread as legitimate messages, these are not from CommBank. We will not ask you for these details from a link in an email or SMS.

Always check the best method to contact us by visiting commbank.com.au/support/contact-us.html and only access your banking from the CommBank app; or, CommBiz and NetBank from a trusted location, never via a link in a message.

Be suspicious of any message that asks you for sensitive information, or to complete tasks like updating software, or giving remote access via email or text.

screenshots of scams

13 February 2024 - Prompts to call via email and SMS communications

We're aware of a number of email and SMS messages currently circulating that urge customers to call a number included in the email or SMS. If you call and are not immediately connected, a scammer will call you back, and convince you to provide details to them which they can then use to compromise your accounts or identity.

These are not legitimate CommBank communications. Do not click the links, call any number in a message or reply to the sender. If anyone from CommBank does call you, ask them to identify themselves via the CommBank app using CallerCheck.

Always check the best method to contact us by visiting commbank.com.au/support/contact-us.html and only access NetBank from a trusted location, never via a link in a message.

Be suspicious of any message that asks you for sensitive information, or to complete tasks like updating software, via email or text.

13 February 2024 - CommBank phishing emails and SMS

We're aware of a large number of email and SMS messages currently circulating that urge customers to provide their details by logging on to a site impersonating NetBank directly from a link in the email or SMS. While in some instances the link may appear legitimate, we will not send you links to login to our services.

These are not legitimate CommBank communications. Do not click the links or reply to the sender.

Always check the best method to contact us by visiting commbank.com.au/support/contact-us.html and only access NetBank from a trusted location, never via a link in a message.

Be suspicious of any message that asks you for sensitive information, or to complete tasks like updating software, via email or text.

screenshots of scam email
screenshots of scam email

9 February 2024 – PayID Scam

We are aware of emails in circulation claiming that user's ability to receive funds is limited.

The scammers request that you instruct your last payer to send you more money to release the funds.

PayID will never contact you directly. If you encounter any issues with PayID please contact your bank.

Signs it’s a scam:

  • You receive an email claiming to be from PayID.

  • You are asked to pay money in order to settle an overpayment or to “unlock” or “upgrade” your account.

  • You are asked to receive payment via PayID, but also asked for your email address or other irrelevant contact information.

Never respond to emails such as this, as criminals will use them to harvest information about you they may then seek to exploit.

9 February 2024 - CommBank phishing emails and SMS

We're aware of a large number of email and SMS messages currently circulating that urge customers to provide their details by either logging on to a site impersonating NetBank directly from a link in the email, or via a call to a number purporting to be CommBank

These are not legitimate CommBank communications. Do not click the links, call any number in an email or reply to the sender.

Always check the best method to contact us by visiting commbank.com.au/support/contact-us.html and only access NetBank from a trusted location, never via a link in a message.

Be suspicious of any message that asks you for sensitive information, or to complete tasks like updating software, via email or text.

screenshots of scam text messages

31 January 2024 – CommBank/CommBiz phishing email

We're aware of an email currently circulating that urges customers to login to CommBiz via a link in the email and complete an online identity verification.

This is not a legitimate CommBank communication. Do not click the links in the email or reply to the sender.

Always check the best method to contact us by visiting commbank.com.au/support/contact-us.html and only access NetBank from a trusted URL, like the CommBank website.

Always be suspicious of any message that asks you for sensitive information via email or text.

Scam text message example: "Start your online identification"

10 January 2024 – CommBank Security Alert

We are aware of a number of SMS phishing scams reporting to be from ‘CommBank’. The scammers sending these messages are employing a tactic that makes them appear in the same message thread as legitimate CommBank messages, as per the image. The link then takes you to a fake login page where the scammers harvest your credentials.

These are not legitimate CommBank communications. Do not click the links, call or reply to the sender.

We will never ask you to log on or provide sensitive information via a link in an email or SMS.

Scam text message example: "Your account is being checked for suspected fraudulent funds..."

3 January 2024 – CommBank Security Alert

Beware of SMS phishing scams reporting to be from ‘CommBank’. 

  • An SMS that appears with other genuine SMS from the bank that requests recipients to click a link to secure their account regarding a new CommBank App registration. 

These are not legitimate CommBank communications. Do not click the links, call or reply to the sender.

We will never ask you to log on or provide sensitive information via a link in an email or SMS.

Scam text message examples: "Your temporary password is..." and "Security Alert: A new CommBank app has been registered..."

1 December 2023 - CommBank phishing emails

We're aware of a number of emails currently circulating that urge customers to provide their details by either logging on to a site impersonating NetBank directly from a link in the email, or via a call to a number purporting to be CommBank.

These are not legitimate CommBank communications. Do not click the links, call any number in an email or reply to the sender.

Always check the best method to contact us by visiting commbank.com.au/support/contact-us.html and only access NetBank from a trusted URL, like the CommBank website CommBank.com.au.

Be suspicious of any message that asks you for sensitive information via email or text.

Scam example locked account "We noticed some suspicious activity on your account..."
Scam example: "We have detected a login attempt from an unauthorized device."

29 November 2023 – Cheque scams

We are aware of a buying and selling scam involving fraudulent cheques. A scammer contacts a seller who’s selling a high-value good, such as a laptop or phone, and agrees to pay the seller by them or a friend depositing cash into the seller's account. The scammer however deposits a fraudulent or valueless cheque via an IDM (Intelligent Deposit Machine). The seller will see a notification on their phone that funds have been deposited however as the cheque is fraudulent or valueless, the funds will be dishonoured by the issuing bank and the initial deposit will be reversed.

In these circumstances if you’re receiving payment via cash:

  • Always make sure the purchaser is handing you cash in person, not depositing into your account.
  • If, due to circumstances, they (or a friend), must deposit into your account, it is important to ensure the transaction reads "CBA Deposit CBA ATM [Branch Name] ", a cash deposit will never have the word "cheque" in it. Also ensure the available balance reflects the new deposit and it is not still in the pending balance. 

9 November 2023 – Optus outage messages

We are currently aware of scammers seeking to exploit the recent Optus outage. 

Fraudulent messages are asking people to provide Optus and bank login details in order to allegedly claim compensation. The message directs a user to click on a link, at which point they are taken to a fake login page to capture Optus account details. It then requests payment card details and asks the user to select their financial institution, after which the user is directed to a fake NetBank page where banking credentials are captured. 

Optus have confirmed, via their outage page https://www.optus.com.au/notices/outage, that they will not be sending any communications via email or SMS concerning this outage with links. 

These messages are fraudulent, if in doubt, remember 3 simple steps: Stop. Check. Reject:   

  1. Stop – Does a call, email or text seem off? The best thing to do is stop. Take a breath. Real organisations won’t put you under pressure to act instantly.
  2. Check  – contact the organisation the message claims to be from on a trusted number, not one in the communication.
  3. Reject  – If you’re unsure, hang up on the caller, send a screenshot to hoax@cba.com.au, delete the email, block the phone number. Change your passwords if you feel you may be compromised.

10 October 2023 - New phishing scams with fake CommBank phone numbers

We are aware of new phishing emails pretending to be from CommBank, claiming that a new mobile phone or phone number has been linked to a customer’s account. The goal of these phishing emails is to collect credit card and NetBank login information.

These messages use scare tactics by suggesting that a newly registered phone or phone number can now seamlessly transact to and from linked CommBank accounts, or that a NetBank password has been changed, or that a transaction has been disputed. Anticipating the immediate anxiety that this is likely to cause you, the scammers have included a phone number that can be called for assistance; however, when phoned, the scammer will then claim your accounts need to be secured by providing a credit card number. The scammer then asks for the numbers to be typed on a mobile phone keypad, allowing them to record the sounds made by the phone and steal the credit card information to conduct fraud.

These are not legitimate communications from CommBank. Do not call the phone number in the email, click on any links or respond to the sender. If you are ever unsure of a message you have received claiming to be from us, visit http://www.commbank.com.au/contactus to find legitimate numbers you can call to speak to us directly. If you use the CommBank app, you can request CallerCheck be used as a way to verify you are speaking with the bank.

screenshots from postal delivery service SMS scams

17 August 2023 - CommBank impersonation calls

Both business and retail customers are currently receiving calls from scammers claiming to be CommBank staff and the CommBank fraud department.

These scammers are extremely convincing and will send a fraudulent SMS impersonating CommBank with a fake authorisation code to “verify” your identity. They will then ask you read out the fake authorisation code in order to confirm your identity.

CommBank will never send you an SMS to verify your identity and will never ask you to provide your passwords, NetCodes or tokens.

If you get an unexpected call from CommBank you can ask us to use CallerCheck to verify it’s us.

8 August 2023 - CommBank phishing email

We're aware of an email currently circulating, that urges customers to confirm their identity by logging on to NetBank directly from a link in the email.

This is not a legitimate CommBank communication. Do not click the links or reply to the sender.

Always be suspicious of any message that asks you for sensitive information via email.

CommBank phishing email

11 July 2023 – Scams using Live Chat to gain remote access

A CommBank/CommBiz themed scam is currently operating where scammers are cold calling customers, particularly businesses, pretending to be from CommBank or CommBiz support and advising of a problem with their internet banking.  

Customers are then being directed to a Live Chat site, which is a fraudulent duplicate of the CommBank website with hyperlinks that will install remote access software on the customer’s computer, allowing the scammer to take control of it while they talk the customer through providing them necessary details to complete payments. 

Important points to note, we will never: 

  • Request remote access to a customer’s computer 

  • Ask customers to provide us with a Netcode or code from a CommBiz token 

  • Ask for any password 

  • Instruct customers to make a transfer 

Should you receive a call from someone claiming to be from the bank that is suspicious, hang up and call back on a known number such as your relationship manager, or one of the methods at Contact us - CommBank.

If you get an unexpected call from CommBank you can ask us to use CallerCheck to verify it’s us.

CommBiz Scam example

19 June 2023 – DocuSign alert: Phishing emails referencing CommBank

Scammers often impersonate widely used services such as DocuSign to steal credentials and gain unauthorised access to accounts. To increase the credibility of these impersonations, attacks may include names of bank staff. These emails are not from CommBank.

If the email is unexpected, and the layout and branding is inconsistent with DocuSign, it could be a scam.

If you're ever unsure whether an email is legitimate, contact us www.commbank.com.au/contactus or through your Relationship Manager. If you think an email might be a scam, report it to us by forwarding to hoax@cba.com.au, then delete the message.

For more information about how to recognise DocuSign fraud visit https://www.docusign.com.au/blog/how-docusign-users-can-spot-avoid-and-report-fraud

Two scam examples for Docusign scam

26 May 2023 – Investment scam alert: Fictitious website impersonating CommBank

Scammers are posting advertisements on social media, particularly on Facebook, Instagram, WhatsApp and YouTube.

The advert claims to use AI to generate passive income from an initially modest investment and deliver large returns. The scammers often claim you can make between $1000 - $5000 a day from an investment of $350.

The scammers will create a fake trading profile that looks legitimate, and will ask you to begin with a small investment. They'll show you fake returns on your investment, then ask for more money, often through cryptocurrency.

The scammers misuse well-known news brands and the CommBank brand to try and legitimise their scam. Scammers have even used fraudulent, AI generated videos of CommBank CEO Matt Comyn, and others, to try and convince people to invest.

CommBank urges you to be sceptical of any opportunity that seems too good to be true. Always Stop, Check and Reject if in doubt. You can validate the authenticity of any investment product offered by CommBank by contacting us directly through our official phone numbers, which can be found on our Contact us page. You can also review our investment scams information to learn more about recognising these scams.

13 April 2023 - CommBank payment scam

Be on the lookout for an SMS scam falsely claiming to be from CommBank. 

The SMS requests recipients to call regarding a newly completed transaction. 

This is not a legitimate CommBank communication. Do not click any links, call the number in the message, or reply to the sender.

If you are ever unsure as to a communication’s authenticity, utilise one of the methods shown on www.commbank.com.au/contactus to call a CommBank number you know to be legitimate in order to speak with us.

scam: "You've attempted a payment of 750.00 to Target LTD from a new device."

1 April 2023 - CommBank details & Airbnb scams

Beware of email and SMS scams reporting to be from CommBank. 

  • An email that urges customers to confirm their identity by logging on to NetBank directly from a link in the email. 
  • An SMS that requests recipients to call regarding a pending Airbnb transaction. 

These are not legitimate CommBank communications. Do not click the links, call or reply to the sender.

We will never ask you to log on or provide sensitive information via a link in an email or SMS.

27 February 2023 – CommBank Staff impersonation scam

  • Both business and retail customers are currently receiving calls from scammers (often with UK/British accents) claiming to be Commonwealth Bank staff.

    These scammers are extremely convincing and will often:

    • Provide information that seems genuine in order to convince you to provide your user ID, password, security questions or token.
    • Gain remote access to your computer by requesting you to download software applications such as, AnyDesk or logging into fake CommBank websites.

    Whilst our fraud team may contact you to verify a transaction, we’ll never ask you for sensitive banking details such as NetBank or CommBiz token/passwords, PIN’s or NetCodes. We’ll also never ask you to transfer money, download software or get you to login via a link sent through email or SMS.

    If you are speaking to someone claiming to be from Commonwealth Bank, whether they seem to be legitimate or not:

    • Never tell them your token passwords, NetBank passwords, NetCodes or usernames for your CommBiz Service
    • Never download software or update software where they have sent instructions to do so
    • Never provide remote access to your device or PC

    If you receive a call from anyone claiming to be from the Commonwealth Bank, request they use CallerCheck to identify you. If you do not have the CommBank app and are unsure if the caller is legitimate, hang up and contact us via www.commbank.com.au/contactus to verify.

17 February 2023 – Investment scam alert: Fictitious website impersonating CBA’s subsidiary

Scammers have recently published a fictitious website impersonating Commonwealth Bank’s subsidiary – Securitisation Advisory Services Pty Ltd (ACN 064 133 946) (AFSL 241216) to promote the sale of scam investment products, including treasury and corporate bonds.

To attract potential victims, the scammers have created this fake price-comparison website, offering to provide investors with information on the best rates for various products. Potential investors who leave their personal details on the site are very likely to receive a call from the scammers. The caller will impersonate as a staff member working for Securitisation Advisory Services. They will supply the potential investor with good quality documents containing details of the proposed investment, which will usually provide a greater return than an equivalent legitimate product in the market. The fictitious website used for this scam is ‘sas-invest.com’.

Commonwealth Bank urges you to review carefully before proceeding when considering any investment opportunity. Always Stop, Check and Reject if in doubt. You can validate the authenticity of any investment product offered by Commonwealth Bank by contacting us directly through our official phone numbers, a full list of which is provided on our Contact us page. You can also review our investment scams information to learn more about recognising these scams.

Scam: Market Leading Government - Protected treasury and Corporate Bonds

11 January 2023 – Unusual and unexpected activity

A large number of CommBank-themed phishing messages and emails are currently in circulation.

These fraudulent communications urge recipients to click on a link by informing them of unusual or unexpected activity on their accounts, such as unexpected logins, registered devices, Netcodes, and payments.

These are not legitimate CommBank communications. Do not click the link or reply to the sender.

Current scam trends

  • Here are some of the current scam trends and tactics that we’re seeing affecting our customers.

12 September 2024 - Scammers attending victim homes

  • We urge you to stay vigilant as scammers are targeting individuals, particularly the elderly, and visiting their homes, pretending to represent trusted organisations such as banks or government officials.

    Typically, these scammers initiate contact by phone and convince unsuspecting victims to hand over their bank cards and/or cash - either by leaving it in the mailbox or giving them directly - along with their PINs and passwords. They claim this is necessary to prevent scams or assist in an ongoing investigation. Once in possession of these items, the scammers swiftly access victim bank accounts, stealing funds.

    Please be aware that no legitimate organisation will ever request your card, cash or passwords in this manner. Always verify the identity of anyone who contacts you by reaching out to the organisation directly using a trusted number.

    If you suspect you’ve been targeted, please contact us.

9 July 2024 – Fake Cryptocurrency Exchange/Job Scam Alert: JUHBZ and PTOUNX



Be aware of Facebook ads that lead into WhatsApp groups where you can "learn to trade" with a "mentor" to build your trust. You may even be offered small incentives to participate.

Victims are instructed to sign up to a known scam website such as JUHBZ and PTOUNX using a referral code. Scammers will encourage you to “deposit money to buy cryptocurrency or invest” by transferring money to a specific bank account.

This is fake and the money cannot be withdrawn in full.

Scammers may initially provide genuine investment advice to build trust, before then instructing you to invest in the scam. However, it is important to always Stop and be suspicious of ‘investment opportunities’ offering high returns with little to no risk. Check and research reviews before committing to anything. And Reject if you are being pressured to make a decision about your money or investments.

Scam examples: "JUHBC Exchange, creating unlimited possibilities" and "invest in crypto, trust in Ptounx"

4 July 2024 – NASC Impersonation Scam

  • We are aware of scammers posing as representatives from the National Anti-Scam Centre (NASC), calling victims and claiming their phone number is being used in a scam in China.

    They offer to help 'clear your record' and work hard to earn your trust, only to steal your money and personal information. These scams can be difficult to detect as the calls often appear to come from legitimate numbers. Remember, the National Anti-Scam Centre will never ask for money, financial, or personal information, nor will they threaten you.

    If you think a call claiming to be from NASC or any other organisation is not genuine, remember to Stop, Check, and Reject and if you are ever unsure, please ask someone you trust or contact the organisation the call claims to be from on a trusted number - do not engage with the scammer.

7 June 2024 – Fake Term Deposit scams

We are aware of an increase of investment scams posing as legitimate Term Deposit offerings being promoted through fake Term Deposit comparison sites.

Victims will be asked to provide their contact details and are then offered Term Deposit or bond rates from a range of financial institutions and banks. These Term Deposits and bonds are fake.

CommBank urges potential investors to contact any financial institution directly if they are offered any investment product to check whether it is genuine.

Remember to Stop, Check, and Reject if you come across an investment opportunity that appears to be an investment scam. If you’re ever unsure, please contact us.

15 May 2024 – Postal delivery service SMS scams

We are aware of postal delivery service scams targeting customers through text messages.

If you receive a message claiming to be from a postal delivery service that requests for you to click on a link for an undelivered package or to rearrange delivery, do not click on any links and delete the text. These messages contain links to websites impersonating postal delivery, however clicking them will lead to false websites that steal personal and financial information.

To keep yourself safe from these sorts of scams, don’t click the link or share your personal information. Instead, if you need to check the status of a delivery you have requested, use alternative methods such as the secure app provided by your postal delivery service or refer to their website for more information.

15 May 2024 – Phishing impersonation scams

We are aware of a surge in phishing scams impersonating well known organisations, such as Auspost, Coles, and Linkt, in an attempt to deceive customers into disclosing sensitive banking information such as your NetBank ID, password, card details and NetCodes.

These scams involve deceptive emails or text messages that lead recipients to fake websites, and are designed to appear legitimate, often using convincing logos, branding, and language to trick unsuspecting individuals. These sites will urge victims to input their personal information under the guise of claiming a prize, resolving an issue with their account, or confirming a delivery.

To protect yourself from falling victim to these scams, it's important to remain cautious of unexpected emails or messages requesting sensitive information. If you receive a suspicious message or email with an urgent call to action, remember to Stop, Check, and Reject. Avoid clicking links or sharing personal information if uncertain. And consult the organisation directly or reach out to somebody you trust.

4 March 2024 - CommBank phishing emails and SMS

We're aware of a number of SMS messages impersonating the Australian Tax Office (ATO) to attempt to deceive customers into disclosing banking credentials.

The message states that a refund is due but needs to be processed manually by updating details. The link in the phishing SMS leads to a fake ATO website that requests which bank you are with, which then links to a fake  Netbank login screen.

These sites are fake and designed to harvest your credentials.

Be suspicious of any message that asks you for sensitive information, or to complete tasks like updating software, or giving remote access via email or text.

6 December 2023 – ACMA scam

We have been made aware of a new phishing scam that impersonate the Australians Communications and Media Authority (ACMA).
The link takes the recipient to a website that impersonates the ACMA and asks the recipient to choose their financial institution and follow the prompts

The text of the scam specifically encourages the recipient to click on the link by claiming that the recipient has been the victim of a data breach. This exploits the concerns that recipients may have about recent data breaches. Whilst this specific campaign involves the impersonation of ACMA, it is important to note that the same technique can involve the impersonation of other government agencies as well.

If you have received a message or email that does not seem genuine or includes an urgent call to action, remember to StopCheck and Reject. Don’t click the link or share personal information if you are unsure. Ask someone you trust or contact the organisation directly through a contact number provided on their official website. 

4 December 2023 – Imposter bond investment scams

We’re aware of a new type of investment bond scam purporting to be supported by the Australian Securities and Investments Commission (ASIC).

The scam claims the bond can be cancelled after 90 days, and is being offered over corporate and treasury bonds. 

In addition to naming a number of other entities, it names CommBank.

ASIC has also published an Imposter bond investment scams page to warn people of this scam. 

Remember to Stop, Check, and Reject if you come across an investment opportunity that appears to be an imposter bond investment scam. If you’re ever unsure, please contact us.

Pages from scam flyer

14 November 2023 - Travel and accommodation booking website phishing scam

There have been reports of a new phishing scam targeting users of accommodation sites, such as Booking.com. Reports claim users receive a message from official website email addresses such as ‘noreply@booking.com’ or from the messaging function within the booking app.

The message claims that a booking will be cancelled if customers do not input credit card details through a provided link. The message or email is typically received when a customer has recently booked accommodation, is due to check-in, or has already checked-in.

If you have received a message or email that does not seem genuine or includes an urgent call to action, remember to Stop, Check and Reject. Don’t click the link or share personal information if you are unsure. Ask someone you trust or contact the organisation directly through a contact number provided on their official website. 

screenshot from booking.com scam

15 August 2023 – AUSTRAC and Australian Financial Intelligence Unit (FIU) impersonation scams

  • AUSTRAC has issued a news release regarding scams impersonating AUSTRAC and FIU. There have been reports of scammers calling members of the public, posing as AUSTRAC or FIU investigators. The scammers state that the individual’s bank account was used for money laundering and is now under investigation. The scammers advise that AUSTRAC will put a hold on their account and asks them to transfer their money into another account for ‘safe-keeping’.

    AUSTRAC will never tell you we are putting a hold on or freezing your bank account. These scams attempt to trick you into moving or paying money, or giving out your personal information. Scammers often pretend to be from trusted organisations like AUSTRAC.

    If you think a call claiming to be from AUSTRAC or any other organisation is not genuine, remember to Stop, Check, and Reject and if you are ever unsure, please ask someone you trust or contact the organisation the call claims to be from - do not engage with the scammer.

    For further information you can visit: Be aware of scams impersonating AUSTRAC and FIUs | AUSTRAC

18 July 2023 - Postal delivery service SMS scams

If you receive a message claiming to be from a postal delivery service requesting you click on a link for an undelivered package or to rearrange delivery, do not click on any links and delete the text.

Scammers are sending texts that appear to be from postal delivery services. These messages contain links to websites impersonating postal delivery services and ask you to input information such as your NetBank ID, password, card details and NetCodes to pay for a redelivery fee. If you receive a message like this, don’t click the link or share your personal information. If you need to check the status of a delivery you have requested, you could instead use the secure app provided by your postal delivery service or refer to their website for more information.

 

screenshot from postal delivery service SMS scams
screenshots from postal delivery service SMS scams

5 July 2023 – Threat and penalty scams

  • We’ve seen an increase in scams where scammers claim to be from a government organisation and/or the police and advise victims that they’ve been involved in illegal activity such as money laundering. Scammers create a sense of urgency by making threats of arrest, police investigation or other serious penalty. Often, scammers will specifically target overseas nationals in Australia, and may threaten deportation or visa cancellation. As well as seeking money, scammers will often attempt to obtain passports, visa numbers, and other forms of ID. Scammers will falsely provide ID numbers for cases and transfer to fake government organisations to support the legitimacy of the scam. Scammers then demand the victim to transfer money to international bank accounts and other unusual methods such as cryptocurrencies like bitcoin, cardless cash, cash deposits, international money transfers and gift cards/store cards for their bail. Often, these scammers create fear through ensuring the victim has regular contact with the scammer to track their actions, whereabouts and who the victim is talking to. Victims can also be made to contact relatives overseas and fake their kidnapping in order to obtain more funds.

    If you receive a message like this, don’t click any links or share your personal information. Hang up, delete the message and stop contact with the scammer.  View more information on threat and penalty scams and download our threat and penalty scam factsheet (PDF)

31 March 2023 - Linkt SMS scams

If you receive a message claiming to be from Linkt toll services requesting payment for an overdue bill or to fix an issue with your account, do not click on any links and delete the text.

Scammers are sending texts that appear to be from Linkt toll services. These messages contain links to fake websites and ask you to input information such as your NetBank ID, password, card details and NetCodes. If you receive a message like this, don’t click the link or share your personal information. Delete the message and contact linkt.com.au directly to check whether the message is legitimate. 

17 February 2023 – PayID Scams

Currently, people who are selling items on Facebook marketplace or gumtree are being targeted by scammers requesting payments to be made to “PayID” to settle fake overpayments, “upgrade” or “unlock” their accounts.

PayID will never contact you directly. If you encounter any issues with PayID please contact your bank.

Signs it’s a scam:

  • You receive an email claiming to be from PayID advising you have been paid, but no money appears in your bank account.

  • You are asked to pay money in order to settle an overpayment or to “unlock” or “upgrade” your account.

  • You are contacted by someone claiming they cannot pick the item up themselves and will have a family member do so on their behalf.

  • You are asked to receive payment via PayID, but also asked for your email address or other irrelevant contact information.

Scam: Fund in Processing / Excess payment alert

3 February 2023 – Job Scam Websites

There are a number of websites popping up which claim that you can earn money by completing tasks on that website. The tasks involve the victim using their own money to purchase products and services to boost seller’s visibility and/or ratings. Some examples are writing reviews for hotels or purchasing products from an alleged amazon or eBay seller. Payments for these products/services are to a BSB and account number provided. The idea is the victim will be paid a commission however, this may never come or very little will be received, but what is clear is you will not receive what is promised.

Scammers are reaching out to unsuspecting victims via WhatsApp and Telegram however, there are also advertisements circulating on Instagram and Facebook. Remember if something seems too good to be true, it often is. If you are approached or come across an advertisement that sounds like the above, remember to Stop, Check, and Reject and if you are ever unsure, please ask someone you trust or contact the organisation the message claims to be from.

Job scam examples