Latest security alerts

Hoax SMS messages claiming that the recipient's NetBank access has been revoked are currently in circulation. The message directs the recipient to a fake login page designed to convince a customer to enter their NetBank login details. Although these SMS are similar to previously seen account locked messages, they use a customer's first and last name in the communication.

Please be aware that these are not genuine CommBank communications. 

An SMS hoax similar to one first seen on 12 November is circulating, telling the recipient that their account has been frozen for compliance checks at the request of law enforcement agencies. The link directs the recipient to a page where they are asked to enter their login credentials.

This is not a genuine CommBank communication.

A SMS phish first seen in June this year has resurfaced. The SMS offers the recipient a $500 bonus for testing cardless cash functionality. If the recipient clicks the link provided, they will be taken to a page that greets them by their name and asks them to create a $500 cash code, the details of which are then requested with the customer promised the bonus in return. 

This is not a genuine CBA communication.  

A SMS phish is circulating telling the recipient their account has been frozen for compliance checks at the request of anti-corruption agencies.

The link takes the recipient to a false login page designed to get the customer to enter their NetBank login credentials.

This is not a genuine CBA communication. 

This phishing email arrives with the from name “Commonwealth” with the subject line: [Alert] We need your attention.

The body of the email contains a phishing link in a call to action to add a phone number in order to continue using your online bank access.

There are also additional links in the email to open the email in a web browser or view online.

You should not click any of these links or reply to the sender.

This SMS begins with identifying itself as an “important message” from CommBank and tells customers their NetBank access cards have been suspended with a request to click on a link to restore access.

You should not respond to the message or click the link.

Some CommBiz customers have reported receiving a phishing email with the subject line CommBiz: Direct Debit initiated by the Australian Taxation Office.

The phishing email purports to come from “CommBiz notifications” and requests the recipient to click a link to manage the direct debit request. The link would then take you to a fake CommBiz page to try and get customers to enter their login credentials.

If you receive this email, please do not reply to sender, click the link, or provide any information. 

Open larger image

A number of customers have reported receiving a text message which looks like it comes from the sender “CommBank” claiming NetBank access has been restricted and containing a phishing link.

This message is not genuine. CommBank will never send you an alert message containing a hyperlink. If you receive this, do not reply and do not click the link.  

Example 5

Some customers have reported receiving a phishing email with the subject line Your Commonwealth Bank account is temporarily restricted. It takes a genuine CommBank header and imagery related to insurance but alters the message to read “We notice irregular activity on your Commonwealth bank account, therefore, we have restricted access to your account.” This is followed by a prompt to click to restore access.

This email is not a genuine CBA communication. Please do not click the link or reply to the sender.

We have got reports of customers receiving a phishing SMS which begins Attention! Your Commbank account suspended and then directs people to click a link to restore access.

Please do not click on the link or reply to the sender. Delete the message. 

People have reported receiving an email where it looks like the sender is CommBank with the subject line Case ID followed by a number.

The email begins Dear valued member and claims there have been multiple attempts to log into your account with incorrect passwords then directs you to click and verify your details to avoid account suspension.

This is not a genuine CommBank communication. Do not click the link, provide any information or reply to the sender. 

We are aware that a number of customer PayIDs across multiple financial institutions, including Commonwealth Bank and Bankwest, have been accessed through another financial institution. The information disclosed includes details such as customer name, BSB and account number and may be used as part of scams and phishing attempts.

You may have received a fraudulent SMS.

The PayID scam via SMS or email may have your name or account details in it, like this example. If you have clicked a link from a  suspicious SMS or email, contact us on 13 2221 urgently.

Customers have reported receiving a phishing email that claims to be a security alert related to their Commonwealth Bank account. The email has been sent from a random sender email address, not one that looks like a CommBank address.

The subject line is: Notification N°27072019 or Notification N°28072019

The email claims that your account has been disabled due to access by an unrecognised device, and then asks you to click on a link to verify your account and restore account access.

Some customers have reported receiving a phishing email requesting them to verify their Commonwealth Bank account as part of a new security verification process.

The subject line is: Commbank: New security verification

The email has been sent from a random sender email address, not one that looks like a CommBank address.

A number of customers have reported receiving a phishing email that has been sent from an email address that makes it look like it has been sent from the Commonwealth Bank of Australia.

The subject line is: Commonwealth has restricted your account

The email claims that your account has been restricted due to irregular activity, and then contains a malicious link that says “To activate your account click here".

A number of customers have reported receiving a fake SMS which says in the sender field it comes from the Commonwealth Bank asking them to confirm their TFN number.

Customers have reported receiving a phishing email which looks as though it comes from the CBA and says in the sender address it is from the Commonwealth Bank of Australia.

The subject line is: Your Commonwealth bank account has been restricted.

The email starts by saying irregular activity has been detected and account access has been suspended with a malicious link labelled 'To restore access to your account click here' before referencing site maintenance. 

A number of customers have reported receiving a malicious SMS claiming NetBank access has been temporarily blocked. Please do not click on the link contained within the SMS and follow the advice outlined above. 

We’re aware of a hoax SMS offering a $500 bonus for testing Cardless Cash that may look as though it comes from NetBank including being grouped by your phone with other legitimate messages you may have received in the past from NetBank. If you receive this SMS please do not engage with it. Report the SMS to hoax@cba.com.au then delete it. 

We are aware a number of customer PayIDs and the associated identifier (customer name) have been accessed through another financial institution. Be reassured that your CommBank personal banking details were not affected and remain secure.

The ability to see the associated identifier (e.g. customer name) is an intentional feature of PayID so you can make sure you’re paying the right person, however your name and the mobile number linked to your PayID may be used as part of scams and phishing attempts.

You may have received a fraudulent SMS.

The PayID scam SMS may have your name in it, like this example. If you have clicked a link on a suspicious SMS, contact us or the other bank your PayID is registered with, urgently.