Australians hit by online bank spam fraud

Strewth...

Tags: bank, fraud, spam

By James Pearce

Published: 18 March 2003 14:36 GMT

The Commonwealth Bank of Australia has revealed that some of its customers have been tricked into revealing their online banking numbers and passwords after receiving a spam mail claiming to be from the bank.

The message has the subject "Netbank Security Server Update" and asks recipients to reactivate their Netbank accounts. The HTML message grabs a genuine Commonwealth Bank graphic, but the hyperlink that purports to take the reader to the NetBank site actually points to a server identified only by an IP address.

Anyone viewing the message as plain text is unlikely to be fooled, but the default setting for many email programs is to show HTML messages fully formatted. The IP address used by the bogus website is apparently allocated to a Taiwanese telco, but the site itself has now been taken offline.

"If customers have received an email requesting personal information they should delete it. It is not from the Commonwealth Bank," read an advisory issued by the bank. The bank goes on to advise anyone who responded to the instructions in the fraudulent email to change their password via the Netbank site, and check their account details.

The spam contains other clues that it is fraudulent, including awkward phrasing such as "to keep your investments in safety" and grammatical errors, for example, "Due to technical update we recommend you to reactivate your account".

John Geurts, head of group security at Commonwealth Bank, said in a statement: "We are working closely with the relevant authorities to identify persons behind these attempts to defraud."

The bank is assuring customers that the Netbank system is secure.

Customers of Melbourne IT, an Australian domain name provider, have also been targeted by spammers seeking credit card details. The spam uses a malformed URL to make it appear to be from Melbourne IT, and claims that customers need to renew their domain or risk losing it.

The website users are taken to has nothing to do with Melbourne IT, and does not use a secure connection, despite an "important security notice" on the site claiming it uses 128-bit SSL. Melbourne IT has issued a statement advising people to ensure that any site in which credit card details are entered is secure, which is denoted by a padlock symbol at the bottom of the browser.

James Pearce and Stephen Withers write for ZDNet Australia
