Commbank’s customers have been warned about phishing scams which could threaten the financial safety of its customers, but this scam applies across the board to all merchants, and all customers should take care not to fall for the viscious emails designed to steal your money from and your good credit rating.

By Graham Doessel, Founder and CEO of MyCRA Credit Rating Repairs and

In June, for Cyber Security Awareness Week 2012, we explored the prevalence of phishing scams in Australia – particularly around merchants – banks, credit cards and even Paypal.

In the posts Experts say getting hooked by Australian Paypal or Amex phishing scams could result in identity theft and following on with Company Obligations on Phishing Scams we looked at both the ramifications of falling for phishing scams in terms of bad credit from identity theft on your credit file and the possible obligations of companies to inform their customers when the company name is being used to promote a phishing scam.

Commonwealth Bank is the latest company to warn customers about these phishing scams which are hooking many people with their clever requests and look-alike websites.

The emails are to do with account verification.

The phishing email asks the customer to verify their details due to a high instance of fraudulent activity. Once they click on the link, they are diverted to the fake bank website, where they enter their personal details and banking information into the so-called “customer” database. At which point if people take the bait they are in reality leaving themselves at very high risk of not only bank fraud, but identity theft through revealing their personal information.

Commbank recently released a statement on its blog warning its customers about the prevalence of such scams in its post Alert: Identity theft targeting Australian consumers:

The Commonwealth Bank of Australia is currently investigating a new identity theft scam which is targeting customers of financial institutions, including Australian banks. The scam aims to steal personally identifiable information such as your Internet Banking username and password, passport, driver’s licence, Medicare and birth certificate details.

The scam manipulates consumers to believe they are using their bank’s normal Internet Banking website, when they are actually using a fake website controlled by the scammers.

The fake website prompts the consumer to login with their username and password, upon which they are presented with a screen similar to below.

The message states: “Due to recent frudulant

[sic] use of NetBank services we require an Electronic ID Check to verify your identity. This is a one-off process.”

If you see this message, we recommend you:

i) DO NOT enter your personal details;
ii) Contact your financial institution immediately. NetBank customers should phone 13 22 21;
iii) Install and run a trusted anti-virus program on your computer;
iv) Importantly, you may need to reset or reconfigure your Internet modem or router. We recommend contacting your Internet Service Provider to verify your modem or router has the correct DNS settings.
v) In your web browser, enter the full address of your Internet Banking website beginning with https:// (for example, Entering the ‘s’ in https:// makes it is easier to tell whether or not you are interacting with the legitimate Internet Banking website. If you receive security warnings, or no response, it may be an indication you are affected by the scam.

Commbank reports that these quite legitimate looking emails have not only been asking for account information, but even more alarmingly – identifiable personal information such as a copy of the customer’s birth certificate, copy of passport and copy of driver’s licence.

This kind of information in the wrong hands is going to land someone in a whole lot of hot water with unpaid debts, and in turn threaten the clearness of their credit file. Not to mention the risk involved in just clicking on any attachment – opening the customer up for Trojan viruses and other cyber-nasties.

If the fraudster is able to construct a fake identity from the personal information they have gained, it means they have access to their victim’s good name through their credit rating.

The fraudster can potentially run up credit all over town in the victim’s name. If the crime is fairly sophisticated, most victims don’t know about it until they have a string of defaults weighing heavy against their name, and the obligation then to prove it was not them that instigated the credit in the first place.

And so ensues a pretty stressful, difficult time for the victim. With this type of fraud they have not only lost money from their accounts, but are staring down the barrel of credit refusal for 5 years with a string of defaults they’re not responsible for. It’s not always easy to prove your innocence – sometimes people don’t know how identity theft has occurred and often the crooks are working from overseas syndicates and are difficult to trace.

So here’s what the screen might look like – avoid it and avoid identity theft and its evil twin, bad credit.

But if you have clicked on a link like this – I would recommend thinking about changing your passwords anyway before using any merchant from that computer again – just in case you’ve downloaded malware with your attachment.

If you think you are the victim of identity theft, you should immediately contact Police. Also, if want to fix your bad credit after identity theft, talk to our Credit Repair Advisors at MyCRA Credit Rating Repairs about your situation and they can help you make the right moves to restore your good name. Call 1300 667 218.

Image identity theft: chanpipat/

Image screen shot phishing scam: courtesy Commbank blog site: