Help & support
A number of CommBank-themed phishing emails and SMS are currently in circulation.
These fraudulent communications inform recipients that their NetBank will be stopped or restricted if they fail to login, or complete other actions such as verifying details or recording “touch behaviour”, by clicking on a malicious link within the email and entering their credentials or completing a verification process.
This is not a genuine CommBank communication. Do not click the link or reply to the sender.
A large number of fraudulent SMS messages targeting CommBank customers are currently in circulation.
The messages prompt recipients to follow malicious links. The messages claim the recipient needs to take action to put a stop to suspicious activity or unlock access to their CommBank accounts or cards.
This is a common tactic used by attackers to create a false sense of urgency in order to make you do something you wouldn’t normally, such as providing your personal information or login credentials.
These are not genuine CommBank communications. Do not click the link or reply to the sender.
A CommBank-themed phishing email is currently in circulation. The email prompts recipients to click on a malicious link within the message by informing them that an unrecognised device has attempted to sign into their account and that account access has been disabled pending verification.
The phishing email appears to come from firstname.lastname@example.org. In this situation a legitimate CommBank email address has been "spoofed", which means the sender address has been forged to mislead you as to the email's origin. The communication itself is a phish. Do not click on the email or respond to the sender.
Over the weekend we’ve seen a number of fake SMS messages purporting to come from CommBank. All are pointing to the same URL but we’re seeing some variations in the messaging, however all are focused on the themes of accounts being locked or suspended due to suspicious activity with the call to click being to verify or confirm accounts or identities to avoid lock out.
The bank will never send you an SMS of this nature asking you to click a link to verify any information.
Do not click the link or respond to the sender for any of these communications.
We are aware a number of customer PayIDs and the associated identifier (customer name) have been accessed through another financial institution. Be reassured that your CommBank personal banking details were not affected and remain secure.
The ability to see the associated identifier (e.g. customer name) is an intentional feature of PayID so you can make sure you’re paying the right person, however your name and the mobile number linked to your PayID may be used as part of scams and phishing attempts.
You may have received a fraudulent SMS.
The PayID scam SMS may have your name in it, like this example. If you have clicked a link on a suspicious SMS, contact us or the other bank your PayID is registered with, urgently.