The e-mail began circulating yesterday evening. However, by this morning the false link contained in the scam message was re-directing to the bank's legitimate Web site. A trace-route indicates the IP address of the scam-site belongs to a server located somewhere in Central Asia.
The text of the message, which is designed to appear to originate from "customers@commbank.com.au" and has the subject line "Update Information," has appeared in many scam messages which have targeted customers of other Australian banks.
"Our new security system will help you to avoid frequently fraud transactions and to keep your investments in safety," it reads. "Due to technical update we recommend you to reactivate your account."
The Commonwealth Bank has placed a warning in a pop-up window displayed on the legitimate NetBank site. "The Commonwealth Bank advises that some customers have recently received fraudulent email requests," it reads. "If you received an email requesting your NetBank Client Number and Password or requesting you to click through to a site to log on to NetBank, please delete it. It is not from the Commonwealth Bank."
The message also includes some tips for users. "Always log in directly from your browser and make sure it is via our authorised site address www.commbank.com.au. When using NetBank, check for a locked padlock symbol at the bottom right corner of your browser."
A spokesperson from the Commonwealth Bank told ZDNet Australia that at this stage it appears that no customers were affected. "We've believe we've successfully circumvented it at this stage," the spokesperson said. "We've contacted the police and are working with them to locate the persons behind this attempt."
