Australians hit by online bank fraud

Some customers of the Commonwealth Bank of Australia have been fooled into revealing client numbers and passwords. A domain-name provider has also been hit
Written by James Pearce, Contributor and  Stephen Withers, Contributor

The Commonwealth Bank of Australia has revealed that some customers have been tricked into revealing their online banking client numbers and passwords after receiving a spam mail claiming to be from the bank.

The message has the subject "Netbank Security Server Update" and asks recipients to reactivate their Netbank accounts. The HTML message grabs a genuine Commonwealth Bank graphic, but the hyperlink that purports to take the reader to the NetBank site actually points to a server identified only by an IP address.

Anyone viewing the message as plain text is unlikely to be fooled, but the default setting for many email programs is to show HTML messages fully-formatted. The IP address used by the bogus Web site is apparently allocated to a Taiwanese telco, but the site itself has now been taken offline.

"If customers have received an email requesting personal information they should delete it. It is not from the Commonwealth Bank," read an advisory issued by the bank. The bank goes on to advise anyone who responded to the instructions in the fraudulent email to change their password via the Netbank site, and check their account details.

The spam contains other clues that it is fraudulent, including awkward phrasing such as "to keep your investments in safety" and grammatical errors, for example, "Due to technical update we recommend you to reactivate your account".

"We are working closely with the relevant authorities to identify persons behind these attempts to defraud," said John Geurts, head of group security at Commonwealth Bank, in a statement.

The bank is assuring customers that the Netbank system is secure.

Customers of Melbourne IT, an Australian domain name provider, have also been targeted by spammers seeking credit card details. The spam uses a malformed URL to make it appear to be from Melbourne IT, and claiming the customers need to renew their domain or risk losing it.

The Web site users are taken to has nothing to do with Melbourne IT, and does not use a secure connection, despite an "important security notice" on the site claiming it uses 128-bit SSL. Melbourne IT has issued a statement advising people to ensure that any site in which credit card details are entered is secure, which is denoted by a padlock symbol at the bottom of the browser.

For all security-related news, including updates on the latest viruses, hacking exploits and patches, check out ZDNet UK's Security News Section.

Let the editors know what you think in the Mailroom.

Editorial standards