Is that really from CommBank?

The below emails and SMS messages, which have been reported, are not from CommBank and are not authorised by us. 

  • Remember, we'll never ask you for your banking information by email or text message
  • Stop and think before you click
  • To be safe, always navigate directly to NetBank yourself and log on from the site you know to be genuine, rather than using any links in communications
  • Report suspicious emails to hoax@cba.com.au then delete them straight after. Do not reply or engage with them

Keeping your accounts safe is our priority. Find out more about how to recognise hoaxes and what to do if you see one

14 October – Variations on unusual activity / account locked smishes

Over the weekend we’ve seen a number of fake SMS messages purporting to come from CommBank. All are pointing to the same URL but we’re seeing some variations in the messaging, however all are focused on the themes of accounts being locked or suspended due to suspicious activity with the call to click being to verify or confirm accounts or identities to avoid lock out.

The bank will never send you an SMS of this nature asking you to click a link to verify any information.

Do not click the link or respond to the sender for any of these communications.  

Screenshot of example 1

Example 2

Screenshot of example 2

Example 3

Screenshot of example 3

Example 4

Screenshot of example 4

Example 5

Screenshot of example 5

20 September - Account temporarily restricted

Some customers have reported receiving a phishing email with the subject line Your Commonwealth Bank account is temporarily restricted. It takes a genuine CommBank header and imagery related to insurance but alters the message to read “We notice irregular activity on your Commonwealth bank account, therefore, we have restricted access to your account.” This is followed by a prompt to click to restore access.

This email is not a genuine CBA communication. Please do not click the link or reply to the sender.

Email - Account temporarily restricted

20 September - Attention! Commbank account suspended SMS

We have got reports of customers receiving a phishing SMS which begins Attention! Your Commbank account suspended and then directs people to click a link to restore access.

Please do not click on the link or reply to the sender. Delete the message. 

Attention! CommBank account suspended SMS

14 September - Case ID phishing email

People have reported receiving an email where it looks like the sender is CommBank with the subject line Case ID followed by a number.

The email begins Dear valued member and claims there have been multiple attempts to log into your account with incorrect passwords then directs you to click and verify your details to avoid account suspension.

This is not a genuine CommBank communication. Do not click the link, provide any information or reply to the sender. 

Case ID account temporarily suspended

20th August 2019 - PayID scam

We are aware that a number of customer PayIDs across multiple financial institutions, including Commonwealth Bank and Bankwest, have been accessed through another financial institution. The information disclosed includes details such as customer name, BSB and account number and may be used as part of scams and phishing attempts.

You may have received a fraudulent SMS.

The PayID scam via SMS or email may have your name or account details in it, like this example. If you have clicked a link from a  suspicious SMS or email, contact us on 13 2221 urgently.

SMS scam example: Dear customer, your account may be suspended. Please complete verification

29 July 2019 – Security alert phishing email

Customers have reported receiving a phishing email that claims to be a security alert related to their Commonwealth Bank account. The email has been sent from a random sender email address, not one that looks like a CommBank address.

The subject line is: Notification N°27072019 or Notification N°28072019

The email claims that your account has been disabled due to access by an unrecognised device, and then asks you to click on a link to verify your account and restore account access.

Scam example: Security alert email

29 July 2019 –Fake security verification email

Some customers have reported receiving a phishing email requesting them to verify their Commonwealth Bank account as part of a new security verification process.

The subject line is: Commbank: New security verification

The email has been sent from a random sender email address, not one that looks like a CommBank address.

Scam example: New security verification email

26 July 2019 – Boost your savings phishing email

A number of customers have reported receiving a phishing email that has been sent from an email address that makes it look like it has been sent from the Commonwealth Bank of Australia.

The subject line is: Commonwealth has restricted your account

The email claims that your account has been restricted due to irregular activity, and then contains a malicious link that says “To activate your account click here".

SMS scam example: Boost your savings

22nd July 2019 - TFN check SMS

A number of customers have reported receiving a fake SMS which says in the sender field it comes from the Commonwealth Bank asking them to confirm their TFN number.

SMS scam example: Check your TFN

21st July 2019 - Important update phishing email

Customers have reported receiving a phishing email which looks as though it comes from the CBA and says in the sender address it is from the Commonwealth Bank of Australia.

The subject line is: Your Commonwealth bank account has been restricted.

The email starts by saying irregular activity has been detected and account access has been suspended with a malicious link labelled 'To restore access to your account click here' before referencing site maintenance. 

Email scam example: Important update

15th July 2019 - NetBank locked

A number of customers have reported receiving a malicious SMS claiming NetBank access has been temporarily blocked. Please do not click on the link contained within the SMS and follow the advice outlined above. 

SMS scam example: Your NetBank access has been temporarily blocked.

5th June 2019 - Test the CommBank app

We’re aware of a hoax SMS offering a $500 bonus for testing Cardless Cash that may look as though it comes from NetBank including being grouped by your phone with other legitimate messages you may have received in the past from NetBank. If you receive this SMS please do not engage with it. Report the SMS to hoax@cba.com.au then delete it. 

SMS scam example: Dear customer, your account may be suspended. Please complete verification

4th June 2019 - PayID scam

We are aware a number of customer PayIDs and the associated identifier (customer name) have been accessed through another financial institution. Be reassured that your CommBank personal banking details were not affected and remain secure.

The ability to see the associated identifier (e.g. customer name) is an intentional feature of PayID so you can make sure you’re paying the right person, however your name and the mobile number linked to your PayID may be used as part of scams and phishing attempts.

You may have received a fraudulent SMS.

The PayID scam SMS may have your name in it, like this example. If you have clicked a link on a suspicious SMS, contact us or the other bank your PayID is registered with, urgently.

SMS scam example: Dear customer, your account may be suspended. Please complete verification