The Commonwealth Bank of Australia is currently investigating a new identity theft scam which is targeting customers of financial institutions, including Australian banks. The scam aims to steal personally identifiable information such as your Internet Banking username and password, passport, driver’s licence, Medicare and birth certificate details.

The scam manipulates consumers into believing they are using their bank’s normal Internet Banking website, when they are actually using a fake website controlled by the scammers.

The fake website prompts the consumer to log in with their username and password, after which they are presented with a screen similar to the one below.

The message states: “Due to recent frudulant[sic] use of NetBank services we require an Electronic ID Check to verify your identity. This is a one-off process.”

If you see this message, we recommend you:

i) DO NOT enter your personal details;

ii) Contact your financial institution immediately. NetBank customers should phone 13 22 21;

iii) Install and run a trusted anti-virus program on your computer;

iv) Importantly, you may need to reset or reconfigure your Internet modem or router. We recommend contacting your Internet Service Provider to verify your modem or router has the correct DNS settings.

v) In your web browser, enter the full address of your Internet Banking website beginning with https:// (for example, https://www.netbank.commbank.com.au). Entering the ‘s’ in https:// makes it easier to tell whether or not you are interacting with the legitimate Internet Banking website. If you receive security warnings, or no response, it may be an indication you are affected by the scam.
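The check in step v can also be scripted. The following is an added example, not code from the Commonwealth Bank: it resolves the site through the DNS servers this computer has been given, connects over HTTPS with full certificate checking, and reports either "ok" or one of the two warning signs named above. The function names `classify` and `check_https` and the report fields are assumptions made for this example.

```python
import socket
import ssl

def classify(exc):
    """Map a connection failure onto the advisory's two warning signs."""
    if isinstance(exc, ssl.SSLCertVerificationError):
        # Untrusted chain, expired certificate, or certificate for another name.
        return "security warning: certificate not valid for this site"
    if isinstance(exc, ssl.SSLError):
        return "security warning: TLS handshake failed"
    if isinstance(exc, socket.gaierror):
        return "no response: name did not resolve"
    return "no response: " + type(exc).__name__

def check_https(host, port=443, timeout=5.0):
    """Connect to host over TLS with full certificate and hostname checks."""
    report = {"host": host, "addresses": [], "verdict": None}
    ctx = ssl.create_default_context()  # system trust store, hostname check on
    try:
        # Addresses as seen through the DNS servers this machine was handed,
        # normally by the modem or router.
        infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
        report["addresses"] = sorted({info[4][0] for info in infos})
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                cert = tls.getpeercert()
                report["peer"] = tls.getpeername()[0]
                report["issuer"] = dict(rdn[0] for rdn in cert["issuer"])
                report["not_after"] = cert["notAfter"]
                report["verdict"] = "ok"
    except OSError as exc:
        report["verdict"] = classify(exc)
    return report

if __name__ == "__main__":
    import sys
    # Default host is the example address given in step v.
    host = sys.argv[1] if len(sys.argv) > 1 else "www.netbank.commbank.com.au"
    for key, value in check_https(host).items():
        print(f"{key}: {value}")
```

An "ok" verdict relies on this computer's own list of trusted certificate authorities, so it complements the anti-virus scan in step iii and the router check in step iv rather than replacing them.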

The screen below is an example of what the phishing website may look like.