A large number of fraudulent SMS messages targeting CommBank customers are currently in circulation.
The messages prompt recipients to follow malicious links. The messages claim the recipient needs to take action to put a stop to suspicious activity or unlock access to their CommBank accounts or cards.
This is a common tactic used by attackers to create a false sense of urgency in order to make you do something you wouldn’t normally, such as providing your personal information or login credentials.
These are not genuine CommBank communications. Do not click the link or reply to the sender.
A CommBank-themed phishing email is currently in circulation. The email prompts recipients to click on a malicious link within the message by informing them that an unrecognised device has attempted to sign into their account and that account access has been disabled pending verification.
The phishing email appears to come from firstname.lastname@example.org. In this situation a legitimate CommBank email address has been "spoofed", which means the sender address has been forged to mislead you as to the email's origin. The communication itself is a phish. Do not click on the email or respond to the sender.
Over the weekend we’ve seen a number of fake SMS messages purporting to come from CommBank. All are pointing to the same URL but we’re seeing some variations in the messaging, however all are focused on the themes of accounts being locked or suspended due to suspicious activity with the call to click being to verify or confirm accounts or identities to avoid lock out.
The bank will never send you an SMS of this nature asking you to click a link to verify any information.
Do not click the link or respond to the sender for any of these communications.