What are phishing and SMiShing scams?

  • Phishing is when a scammer sends an email that appears to be from a trusted source, often including an urgent ‘call to action’ like asking you to unlock or verify an account, log on to your bank accounts or make a payment immediately. 

    SMiShing is a type of phishing where the message is sent via SMS text message rather than email.

    Once you click on the link or open the attachment, you may be asked to enter your personal information such as such as card numbers, NetBank client number, banking passwords and NetCodes. Malware could also be installed on your device or you might receive a call where scammers attempt to convince you to share personal or banking details with them.

    Scammers may use this information to access your bank accounts to make payments online, register for a new CommBank app or activate digital wallets like Apple Pay or Google Pay.

    If you’re worried you’ve clicked on a link in a scam message, follow these quick instructions on how to contact us and what you can do to protect yourself.

Received a suspicious message? 

Check out the latest scams and security alerts, to see if we’ve identified it as a scam.

See latest scams

Protect yourself from phishing scams

Protect yourself from phishing scams

Tips to stay safe

    • We'll never send you an email or SMS asking for banking information like your NetBank Client ID, password, or NetCode; or include a link to login directly from an email or SMS
    • If you’re ever unsure whether an email, message or phone call is legitimately from CommBank, please message us in the CommBank app, or visit us in a branch so we can assist you
    • If someone calls you and claims to be from CommBank, you can ask them to verify their identity in the app using Callercheck
    • To be safe, always navigate directly to NetBank yourself and log on from the site you know to be legitimate, rather than using any links in communications
    • You can report suspicious emails or texts to hoax@cba.com.au then delete them straight after. Don’t reply or engage with them
  • 1. Stop

    Does a call, email or text seem off? The best thing to do is stop. Take a breath. Real organisations won’t put you under pressure to act instantly.

    2. Check

    Ask someone you trust or contact the organisation the message claims to be from.

    3. Reject

    If you’re unsure, delete the email or text and block the phone number. Change your passwords.

Think you've been scammed?

Message us immediately if you're worried about the security of your account. Our virtual assistant Ceba can help you lock your card or securely connect you to a specialist. 

How to message us

Get help

Been scammed? What next?

  • Get in touch

    If you (or someone you know) is a CommBank customer and has been targeted or lost money as a result of being scammed, contact us.

    Report it

    Report the scam via the Australian Cyber Security Centre. Reports may be referred to the police for possible investigation.

    Take control and stay protected

    Change your passwords and PINs straight away if you suspect your security has been compromised. Change these regularly as a preventative measure.

    Seek support

    Contact IDCARE on 1800 595 160. IDCARE is a free, government-funded service that provides support to victims of identity crime.

    Visit the ScamWatch website for more information on scams.