SMS and phishing alerts

We are aware that a number of customer PayIDs across multiple financial institutions, including Commonwealth Bank and Bankwest, have been accessed through another financial institution. The information disclosed includes details such as customer name, BSB and account number and may be used as part of scams and phishing attempts.

You may have received a fraudulent SMS.

The PayID scam via SMS or email may have your name or account details in it, like this example. If you have clicked a link from a  suspicious SMS or email, contact us on 13 2221 urgently.

Customers have reported receiving a phishing email that claims to be a security alert related to their Commonwealth Bank account. The email has been sent from a random sender email address, not one that looks like a CommBank address.

The subject line is: Notification N°27072019 or Notification N°28072019

The email claims that your account has been disabled due to access by an unrecognised device, and then asks you to click on a link to verify your account and restore account access.

Some customers have reported receiving a phishing email requesting them to verify their Commonwealth Bank account as part of a new security verification process.

The subject line is: Commbank: New security verification

The email has been sent from a random sender email address, not one that looks like a CommBank address.

A number of customers have reported receiving a phishing email that has been sent from an email address that makes it look like it has been sent from the Commonwealth Bank of Australia.

The subject line is: Commonwealth has restricted your account

The email claims that your account has been restricted due to irregular activity, and then contains a malicious link that says “To activate your account click here".

A number of customers have reported receiving a fake SMS which says in the sender field it comes from the Commonwealth Bank asking them to confirm their TFN number.

Customers have reported receiving a phishing email which looks as though it comes from the CBA and says in the sender address it is from the Commonwealth Bank of Australia.

The subject line is: Your Commonwealth bank account has been restricted.

The email starts by saying irregular activity has been detected and account access has been suspended with a malicious link labelled 'To restore access to your account click here' before referencing site maintenance. 

A number of customers have reported receiving a malicious SMS claiming NetBank access has been temporarily blocked. Please do not click on the link contained within the SMS and follow the advice outlined above. 

We’re aware of a hoax SMS offering a $500 bonus for testing Cardless Cash that may look as though it comes from NetBank including being grouped by your phone with other legitimate messages you may have received in the past from NetBank. If you receive this SMS please do not engage with it. Report the SMS to hoax@cba.com.au then delete it. 

We are aware a number of customer PayIDs and the associated identifier (customer name) have been accessed through another financial institution. Be reassured that your CommBank personal banking details were not affected and remain secure.

The ability to see the associated identifier (e.g. customer name) is an intentional feature of PayID so you can make sure you’re paying the right person, however your name and the mobile number linked to your PayID may be used as part of scams and phishing attempts.

You may have received a fraudulent SMS.

The PayID scam SMS may have your name in it, like this example. If you have clicked a link on a suspicious SMS, contact us or the other bank your PayID is registered with, urgently.