The below emails and SMS messages, which have been reported, are not from CommBank and are not authorised by us.
Keeping your accounts safe is our priority. Find out more about how to recognise hoaxes and what to do if you see one.
Scammers are currently offering fake Bonds purporting to be issued by various reputable and well-known companies in Australia. We have identified a variation of this scam where fake Fixed Income/Fixed Rate Bonds allegedly issued by the Commonwealth Bank of Australia are being offered.
The emails promoting this scam originate from fake domains such as @cba-invest.com instead of the legitimate CommBank domain (@cba.com.au). Furthermore, these scams often require payments to be made to non-CommBank accounts.
CommBank urges you to please pause, reflect and review carefully before proceeding when considering any investment opportunity. You can validate the authenticity of any investment product offered by CommBank by contacting us directly through our official phone numbers, a full list of which is provided on our Contact Us page. You can also review our investment scams information to learn more about recognising these scams.
We have noticed reports of the re-emergence of a campaign similar to one earlier reported in July. A fake email purporting to be from CommBank prompts recipients to click on a malicious link after telling them an unrecognised device has attempted to sign into their account.
This is not a legitimate communication. Do not click the link, reply to the email, or provide any details.
A CommBank-themed SMS phish is currently targeting customers.
The fraudulent message prompts recipients to click on a malicious link within the SMS in order to update their personal details.
These are not legitimate CommBank communications. Do not click on the link or reply to the sender.
To be safe, always navigate directly to NetBank yourself and log on from the site you know to be genuine, rather than using any links in communications.
A large number of fraudulent SMS messages targeting CommBank customers are currently in circulation.
The messages prompt recipients to follow malicious links. The messages claim the recipient needs to take action to put a stop to suspicious activity or unlock access to their CommBank accounts or cards.
This is a common tactic used by attackers to create a false sense of urgency in order to make you do something you wouldn’t normally, such as providing your personal information or login credentials.
These are not genuine CommBank communications. Do not click the link or reply to the sender.
A CommBank-themed SMS phish is currently targeting customers.
The fraudulent message prompts recipients to click on malicious links within the SMS on the basis that their access to NetBank, bank accounts, or bank cards is or will be restricted until further information is provided or actions taken.
These are not legitimate CommBank communications. Do not click on the link or reply to the sender.
To be safe, always navigate directly to NetBank yourself and log on from the site you know to be genuine, rather than using any links in communications.
Two CommBank-themed SMS phishing messages are currently targeting customers.
The fraudulent messages prompt recipients to click on malicious links within the SMS on the basis that their access to NetBank is or will be restricted until further information is provided or actions taken.
These are not legitimate CommBank communications. Do not click on the link or reply to the sender.
To be safe, always navigate directly to NetBank yourself and log on from the site you know to be genuine, rather than using any links in communications.
A CommBank-themed SMS phish campaign is currently targeting customers.
The fraudulent messages prompt recipients to click on malicious links within the SMS on the basis that they had not setup the new payee.
These are not legitimate CommBank communications. Do not click on the link or reply to the sender.
To be safe, always navigate directly to NetBank yourself and log on from the site you know to be genuine, rather than using any links in communications.
We are aware of text messages circulating which contain a link to malicious software. Current versions of this message advise of a missed call and include a link to allow you to listen to a voicemail.
If you click on this link, it may try and install software that will compromise your device, including user details and passwords; and/or allow unauthorised access to your accounts.
If you have clicked any suspicious links, or notice any unusual activity on your online banking, please contact us on 13 22 21, or find your nearest branch https://www.commbank.com.au/digital/locate-us/
See examples:
CommBank customers are being targeted with a phishing email with the subject line “Your CommBank is temporarily locked”. The email looks as though it comes from the CommBank address customeradvocate@cba.com.au and asks the customer to verify account details in order to restore access. This is not a genuine CommBank communication. Do not click the link and remember to always navigate to the site you know to be the legitimate NetBank login page before entering any details.
Three CommBank-themed SMS phishes are currently targeting customers.
The fraudulent messages prompt recipients to click on malicious links within the SMS on the basis that their access to NetBank, bank accounts, or bank cards is or will be restricted until further information is provided or actions taken.
These are not legitimate CommBank communications. Do not click on the link or reply to the sender.
To be safe, always navigate directly to NetBank yourself and log on from the site you know to be genuine, rather than using any links in communications. For more details about our KYC processes, visit commbank.com.au/KYCcollect.
A CommBank-themed phishing SMS is currently in circulation.
The fraudulent message prompts recipients to click on a malicious link within the SMS by informing them that their debit or credit card has been suspended and details need to be updated.
This is not a genuine CommBank communication. Do not click on the link or reply to the sender.
A CommBank-themed phishing SMS is currently in circulation.
The fraudulent message prompts recipients to click on a malicious link within the SMS by informing them that their account is marked as insecure and NetCodes must be returned to confirm safety.
This is not a genuine CommBank communication. You should never share NetCodes. Do not click on the link or reply to the sender.
A CommBank-themed phishing email is currently in circulation.
This fraudulent email informs recipients that a document has been received, prompting users to log on and view the document by clicking on a malicious link within the email and entering their credentials.
This is not a genuine CommBank communication. Do not click the link or reply to the sender.
A large number of fraudulent SMS messages targeting CommBank customers are currently in circulation.
The messages prompt recipients to follow malicious links. The messages claim the recipient needs to take action to put a stop to suspicious activity or unlock access to their CommBank accounts or cards.
This is a common tactic used by attackers to create a false sense of urgency in order to make you do something you wouldn’t normally, such as providing your personal information or login credentials.
These are not genuine CommBank communications. Do not click the link or reply to the sender.
A CommBank-themed phishing email is currently in circulation. The email prompts recipients to click on a malicious link within the message by informing them that an unrecognised device has attempted to sign into their account and that account access has been disabled pending verification.
The phishing email appears to come from customeradvocate@cba.com.au. In this situation a legitimate CommBank email address has been "spoofed", which means the sender address has been forged to mislead you as to the email's origin. The communication itself is a phish. Do not click on the email or respond to the sender.
A phishing SMS targeting CommBank customers is in circulation.
The message informs recipients that online access is restricted and prompts users to follow a malicious link within the SMS. The malicious link contains the words “commbank” and “netbank” in order to trick the recipient. However, this is not a genuine CommBank communication.
Do not click the link, or reply to the sender.
Three CommBank-themed phishing SMS related to security are targeting customers.
The fraudulent messages prompt recipients to click on malicious links within the SMS and share Netcodes on the basis that insecure activity is occurring. This is a social engineering tactic to create a false sense of fear and trick you into doing something you wouldn't normally do. You should never share Netcodes. Please do not click the links or reply to these messages.
There is a CommBank-themed phishing email in circulation with the subject line ‘Security Alert’.
The phishing email purports to come from “Commonwealth support” and informs the recipient that their account is missing important security information. The fraudulent message prompts recipients to follow a link to update their information within 24 hours to avoid their account being locked.
If you receive this email, do not reply to sender, click any link within the email, or provide any information.
A number of customers have reported receiving a fraudulent SMS that claims their NetBank access has been restricted. The message prompts the recipient to follow a malicious link within the SMS in order to restore access. This is not a genuine CommBank communication. Do not click on the link or reply to the sender.
Customers have reported receiving a phishing email purporting to come from CommBank, with the subject line “You have received a new document”.
The fraudulent email informs the recipient that a new document is ready for review and can be seen by following a malicious link within the email to log on.
Do not click on links within the email, or reply to the sender. To be safe, always navigate directly to NetBank yourself and log on from the site you know to be genuine, rather than using any links in communications.
A fraudulent SMS is in circulation targeting CommBank customers. It informs the recipient that a payment has been made to a new biller, which can be cancelled by following a malicious link. This is not a genuine CommBank communication. Do not click the link or respond to the sender.
A CommBank-themed phishing SMS is currently in circulation.
The fraudulent message informs recipients that their NetBank has been locked, prompting them to click a malicious link within the message to restore access.
This is not a genuine CommBank communication. Please do not click the link or respond to the sender.
A phishing email is currently targeting CommBank customers.
This email informs recipients that there have been multiple login attempts on their account with the wrong password entered. This message attempts to create a false sense of urgency by suggesting that their account will be suspended indefinitely unless the recipient updates their account information by following the link provided.
This is not a genuine CommBank communication. Please do not click the link or respond to the sender.
A CommBank-themed phishing SMS is currently in circulation.
The fraudulent SMS alerts the recipient that all online banking access has been locked, prompting users to click on a malicious link in the SMS to verify their identity.
This is not a genuine CommBank communication. Please do not click the link or respond to the sender.
Multiple CommBank-themed phishing SMS are currently in circulation.
The fraudulent messages alert recipients to suspicious activities regarding their banking, such as new NetBank payees and Apple Pay activity, and prompts the recipient to click on a malicious link in the SMS to verify the activity.
These are not genuine CommBank communications. Please do not click the link or respond to the sender.
A coronavirus-themed phishing email is currently targeting CommBank customers. This email informs recipients that they must update their personal details in order to use their NetBank account, due to the 'COVID-19 virus'. This phishing message also attempts to create a false sense of urgency, by suggesting that the link provided is only valid for one day.
This is not a genuine CommBank communication. Please do not click the link or respond to the sender.
New variations of a CommBank-themed phishing SMS are in circulation.
The SMS alerts the customer that a new payee was created, prompting users to click on a malicious link in the SMS to cancel the payee.
This is not a genuine CommBank communication. Please do not click the link or respond to the sender.
Some CommBank customers have received phishing SMS messages that claim NetBank access has been blocked. Message recipients are prompted to click on a malicious link in the SMS to restore account access.
These are not genuine CommBank communications. Please do not click on a link or reply to the sender.
Variations of a CommBank-themed phishing SMS are currently in circulation.
The SMS alerts the customer that there has been a new payee created or payment processed in NetBank, prompting users to click on the link in the SMS to cancel the payee or payment.
This is not a genuine CommBank communication. Please do not click the link or respond to the sender.
Some customers have received hoax CommBank-themed SMS messages related to payees and PayID.
The messages claim that unusual account activity such as a new linked PayID or a payment made to a new payee has taken place, and prompt the recipient to click on the link if they did not initiate the activity.
These are not genuine CommBank communications. Please do not click on a link or reply to the sender.
Variations of a number of CommBank-themed phishing SMS messages are in circulation.
The messages claim that access to online banking services such as NetBank have been locked, suspended or restricted for security reasons. Message recipients are then prompted to click on a malicious link in the SMS to restore account access.
These are not genuine CommBank communications. Please do not click on a link or reply to the sender.
Some customers have received a NetBank alert phishing SMS.
The SMS tells customer that we've noticed unusual activity on their account and it's been frozen. The customer is prompted to click on a link.
This is not a genuine CommBank communication. Please do not click the link or respond to the sender.
CommBank customers have received a hoax email with the subject line: Your online statement is ready.
The email prompts the user to click a link to view statements in NetBank.
Although the email claims to come from CommBank, the sender email address is not a legitimate CommBank domain.
This is not a genuine CommBank communication. Please do not click on the link or reply to the sender.
Variations of a CommBank-themed phishing SMS are currently in circulation.
The SMS informs the customer that in order to avoid service issues a form or application must be completed, and prompts users to click on the link in the SMS.
This is not a genuine CommBank communication. Please do not click the link or respond to the sender.
A CommBank-themed phishing SMS is currently in circulation.
The SMS informs the customer that a suspicious login has been detected and the request must be blocked, prompting users to click on the link in the SMS.
This is not a genuine CommBank communication. Please do not click the link or respond to the sender.
A CommBank-themed phishing SMS is currently in circulation. The SMS informs the customer that unusual activity has been detected on their account and prompts users to click on the link.
This is not a genuine CommBank communication. Please do not click the link or respond to the sender.
CommBank customers have received a hoax email with the subject line: Alert: Document Report – We noticed about security maintenance.
The email prompts the user to verify the account, claiming it has been suspended due to suspicious activities.
This is not a genuine CommBank communication. Please do not click on the link or reply to the sender.
CommBank customers have been receiving hoax SMS messages, claiming to be a NetBank alert with a link.
This is not a genuine CommBank communication. Please do not click the link or respond to the sender.
New SMS phishing campaigns have been reported by CommBank customers. These claim that debit card has been blocked/flagged for suspicious activity and request the recipient to review the card activities by clicking on the phishing link.
These are not genuine CommBank communications. Please do not click on the links or respond to the sender.
Similar to hoax messages seen in January and February, several new SMS phishing campaigns have been reported.
These claim the recipient’s account has been locked due to unusual/abnormal account activity and request the recipient to unlock the account by clicking on the phishing link.
These are not genuine CommBank communications. Please do not click on the links or respond to the sender.
A CommBank-themed phishing SMS is currently in circulation.
The SMS informs the customer that a security update has been released and prompts users to click on the link to download the update.
This is not a genuine CommBank communication. Please do not click the link or respond to the sender.
CommBank customers have received a hoax email with the subject line: NetBank – Account Information.
The email prompts the user to verify the account, claiming it has been disabled due to unsuccessful login attempts.
This is not a genuine CommBank communication. Please do not click on the link or reply to the sender.
Some CommBank customers have received an email impersonating CommBank with the subject line: Important information about your account.
The email suggests that there has been multiple failed logon attempts into their account and asks them to confirm their account information by clicking the button.
This is not a genuine CommBank communication. Please do not click on the link or reply to the sender.
Example 2
Some CommBank customers have received a message claiming that their account may have been suspended. Recipients are prompted to click on the link to confirm the details.
This is not a genuine CommBank communication. Please do not click on the link or respond to the sender.
Some CommBank customers have received a CommBank-themed phishing email with the subject line "Important Notice". The email asks the customer to verify their identity and recent account activity by clicking the button.
This is not a genuine CommBank communication. Do not reply to the sender or click the button.
CommBank customers have been receiving hoax SMS messages, claiming to be a NetBank alert with a link.
This is not a genuine CommBank communication. Please do not click the link or respond to the sender.
Some CommBank customers have received a phishing SMS claiming their CommBank account has been blocked due to unusual activity. It prompts the customer to click on a link to unlock the account, claiming that they will be charged a processing fee.
This is not a genuine CommBank communication. Please do not click the link or respond to the sender.
Cybercriminals often try to take advantage of current events to create convincing phishing lures, including the current coronavirus situation. In a recent example, many Australians are receiving messages claiming to come from the Australian Government with information about local testing centres.
If you receive a suspicious message such as this, do not click on any links or respond to the sender, and instead, just delete the message.
Please check the ACSC’s Stay Smart Online alert service for the latest information about coronavirus-themed scams.
A number of customers have reported receiving a phishing email with the subject line: You Have 1 New Security Message Alert!
The email informs the customer about account information missing and asks them to verify account information by clicking on the link.
This is not a genuine CommBank communication. Please do not click the link or reply to the sender.
A phishing email is currently in circulation which is similar to the one seen in September 2019. The email has been made to appear that it has been sent from CommBank and claims that a customer’s account has been locked following multiple failed logon attempts. It directs a recipient to click and verify their details to avoid account suspension.
This is not a genuine CommBank communication. Do not click the link, provide any information or reply to the sender.
CommBank customers have reported receiving a hoax email claiming to come from CommBank Customer Service with the subject line: Notice!, followed by the date.
The email begins by stating that an account has been blocked in Commonwealth private portfolio and asks the recipient to verify their account by clicking on a phishing link so that access is not permanently blocked.
This is not a genuine CommBank communication. Do not click the link or reply to the sender.
Some CommBank customers have reported receiving an email with the subject line: “CommBank – Personal account on hold.”
The message prompts the customer to confirm card information by clicking on the link.
This is not a genuine CommBank communication. Do not click the link or reply to the sender.
A CommBank-themed phishing SMS is currently in circulation. The SMS informs the customer of an approved loan and prompts them to click on the link to review the application.
This is not a genuine CommBank communication. Please do not click the link or respond to the sender.
Similar to hoax messages seen in January, several new SMS phishing campaigns have been reported. These claim there has been an unusual/suspicious login attempt and request the recipient to verify their identity by clicking on the phishing link.
These are not genuine CommBank communications. Please do not click on the links or respond to the sender.
A phishing email purporting to be from CommBank is in circulation with the subject line: Confirm account information.
The email prompts the customer to confirm their card information via a phishing link or says they will not be able use their NetBank account.
This is not a genuine CommBank communication. Please do not reply to the sender or click on the link.
Some CommBank customers have reported receiving an email with subject line: “Regarding your recent transaction.”
This email claims a recent deposit to the account could not been processed and prompts the customer to click a link to complete the transaction.
This is not a genuine CommBank communication. Do not click the link or reply to the sender.
CommBank customers have reported receiving a phishing email with the subject line CommBank – Internet Banking Notifications Inbox.
The phishing email claims it is from CommBank Internet Banking Help Centre and informs the customer they have a “new notification” relating to their CommBank online account which is followed by the phishing link.
If you receive this email, please do not reply to sender, click the link, or otherwise engage with the communication.
A number of customers have reported receiving an SMS which looks like it comes from the sender “CommBank” claiming their account has been blocked due to unusual activity. A phishing link is provided to start the ‘unlock procedure’ for the blocked account.
This is not a genuine CommBank communication. Please do not click the link or respond to the sender.
A phishing SMS is currently in circulation which is similar to one seen in December last year. The SMS claims there has been an unusual login attempt with a supposed identity verification link included.
This is not a genuine CommBank communication. Please do not click the link or respond to the sender.
Another phishing SMS has surfaced in a similar theme to some seen in the latter part of 2019. The SMS claims account access has been suspended due to suspicious activity, with a phishing link included that purports to provide the user with an “unlock procedure”.
This is not a genuine CommBank communication.
A number of customers have reported receiving an SMS saying there has been unusual activity in their account including a link to “confirm identity”.
This is not a genuine CommBank communication. Please do not click the link or take any action off the back of this message.
Some customers have reported receiving a phishing email from “CommBank Trust Security.”
The subject line is: Activity Confirmation
The email asks the recipient to confirm transaction activity with a prompt to click on the link “Transaction Log”. The email uses a picture of a CommBank retail payments machine, and contains a genuine-looking CommBank footer, but none of the telephone numbers referred to in this email are legitimate CommBank numbers.
This is not a genuine CBA communication. Please do not click on the link or reply to the sender.
Hoax SMS messages claiming that the recipient's NetBank access has been revoked are currently in circulation. The message directs the recipient to a fake login page designed to convince a customer to enter their NetBank login details. Although these SMS are similar to previously seen account locked messages, they use a customer's first and last name in the communication.
Please be aware that these are not genuine CommBank communications.
An SMS hoax similar to one first seen on 12 November is circulating, telling the recipient that their account has been frozen for compliance checks at the request of law enforcement agencies. The link directs the recipient to a page where they are asked to enter their login credentials.
This is not a genuine CommBank communication.
A SMS phish first seen in June this year has resurfaced. The SMS offers the recipient a $500 bonus for testing cardless cash functionality. If the recipient clicks the link provided, they will be taken to a page that greets them by their name and asks them to create a $500 cash code, the details of which are then requested with the customer promised the bonus in return.
This is not a genuine CBA communication.
A SMS phish is circulating telling the recipient their account has been frozen for compliance checks at the request of anti-corruption agencies.
The link takes the recipient to a false login page designed to get the customer to enter their NetBank login credentials.
This is not a genuine CBA communication.
This phishing email arrives with the from name “Commonwealth” with the subject line: [Alert] We need your attention.
The body of the email contains a phishing link in a call to action to add a phone number in order to continue using your online bank access.
There are also additional links in the email to open the email in a web browser or view online.
You should not click any of these links or reply to the sender.
This SMS begins with identifying itself as an “important message” from CommBank and tells customers their NetBank access cards have been suspended with a request to click on a link to restore access.
You should not respond to the message or click the link.
Some CommBiz customers have reported receiving a phishing email with the subject line CommBiz: Direct Debit initiated by the Australian Taxation Office.
The phishing email purports to come from “CommBiz notifications” and requests the recipient to click a link to manage the direct debit request. The link would then take you to a fake CommBiz page to try and get customers to enter their login credentials.
If you receive this email, please do not reply to sender, click the link, or provide any information.
A number of customers have reported receiving a text message which looks like it comes from the sender “CommBank” claiming NetBank access has been restricted and containing a phishing link.
This message is not genuine. CommBank will never send you an alert message containing a hyperlink. If you receive this, do not reply and do not click the link.
Over the weekend we’ve seen a number of fake SMS messages purporting to come from CommBank. All are pointing to the same URL but we’re seeing some variations in the messaging, however all are focused on the themes of accounts being locked or suspended due to suspicious activity with the call to click being to verify or confirm accounts or identities to avoid lock out.
The bank will never send you an SMS of this nature asking you to click a link to verify any information.
Do not click the link or respond to the sender for any of these communications.
Some customers have reported receiving a phishing email with the subject line Your Commonwealth Bank account is temporarily restricted. It takes a genuine CommBank header and imagery related to insurance but alters the message to read “We notice irregular activity on your Commonwealth bank account, therefore, we have restricted access to your account.” This is followed by a prompt to click to restore access.
This email is not a genuine CBA communication. Please do not click the link or reply to the sender.
We have got reports of customers receiving a phishing SMS which begins Attention! Your Commbank account suspended and then directs people to click a link to restore access.
Please do not click on the link or reply to the sender. Delete the message.
People have reported receiving an email where it looks like the sender is CommBank with the subject line Case ID followed by a number.
The email begins Dear valued member and claims there have been multiple attempts to log into your account with incorrect passwords then directs you to click and verify your details to avoid account suspension.
This is not a genuine CommBank communication. Do not click the link, provide any information or reply to the sender.
We are aware that a number of customer PayIDs across multiple financial institutions, including Commonwealth Bank and Bankwest, have been accessed through another financial institution. The information disclosed includes details such as customer name, BSB and account number and may be used as part of scams and phishing attempts.
You may have received a fraudulent SMS.
The PayID scam via SMS or email may have your name or account details in it, like this example. If you have clicked a link from a suspicious SMS or email, contact us on 13 2221 urgently.
Customers have reported receiving a phishing email that claims to be a security alert related to their Commonwealth Bank account. The email has been sent from a random sender email address, not one that looks like a CommBank address.
The subject line is: Notification N°27072019 or Notification N°28072019
The email claims that your account has been disabled due to access by an unrecognised device, and then asks you to click on a link to verify your account and restore account access.
Some customers have reported receiving a phishing email requesting them to verify their Commonwealth Bank account as part of a new security verification process.
The subject line is: Commbank: New security verification
The email has been sent from a random sender email address, not one that looks like a CommBank address.
A number of customers have reported receiving a phishing email that has been sent from an email address that makes it look like it has been sent from the Commonwealth Bank of Australia.
The subject line is: Commonwealth has restricted your account
The email claims that your account has been restricted due to irregular activity, and then contains a malicious link that says “To activate your account click here".
A number of customers have reported receiving a fake SMS which says in the sender field it comes from the Commonwealth Bank asking them to confirm their TFN number.
Customers have reported receiving a phishing email which looks as though it comes from the CBA and says in the sender address it is from the Commonwealth Bank of Australia.
The subject line is: Your Commonwealth bank account has been restricted.
The email starts by saying irregular activity has been detected and account access has been suspended with a malicious link labelled 'To restore access to your account click here' before referencing site maintenance.
A number of customers have reported receiving a malicious SMS claiming NetBank access has been temporarily blocked. Please do not click on the link contained within the SMS and follow the advice outlined above.
We’re aware of a hoax SMS offering a $500 bonus for testing Cardless Cash that may look as though it comes from NetBank including being grouped by your phone with other legitimate messages you may have received in the past from NetBank. If you receive this SMS please do not engage with it. Report the SMS to hoax@cba.com.au then delete it.
We are aware a number of customer PayIDs and the associated identifier (customer name) have been accessed through another financial institution. Be reassured that your CommBank personal banking details were not affected and remain secure.
The ability to see the associated identifier (e.g. customer name) is an intentional feature of PayID so you can make sure you’re paying the right person, however your name and the mobile number linked to your PayID may be used as part of scams and phishing attempts.
You may have received a fraudulent SMS.
The PayID scam SMS may have your name in it, like this example. If you have clicked a link on a suspicious SMS, contact us or the other bank your PayID is registered with, urgently.
