Commonwealth Bank of Australia Phishing

Phishing targeting Commonwealth Bank customers

Security researchers at Shreshta IT, using our threat intelligence platform SDINET, have identified a phishing website targeting customers of the Commonwealth Bank of Australia.

About Commonwealth Bank

The Commonwealth Bank of Australia (CBA), or CommBank, is an Australian multinational bank with businesses across New Zealand, Asia, the United States, and the United Kingdom. It provides a variety of financial services including retail, business, and institutional banking, funds management, superannuation, insurance, investment, and broking services.1

Phishing page impersonating Commonwealth Bank

Image – Screenshot of Phishing website mycommbank[.]account-verify[.]app

Phishing website – Commonwealth Bank netbanking login page

Image – screenshot of mycommbank[.]account-verify[.]app

Phishing website – page that asks for credit/debit card details

Image – screenshot of mycommbank[.]account-verify[.]app/default2[.]php page in the phishing website

Phishing page – claims that your netbanking data has been restored

Image – screenshot of the mycommbank[.]account-verify[.]app/thanks[.]php page in the phishing website

Modus Operandi

A successful phishing attack through this website can provide the attacker with Personally Identifiable Information (PII) of the user:

  • Login details for Commonwealth Bank net banking
  • Personally Identifiable Information (PII), including card details, CVV number, etc.
  • Driving licence as identity proof

Motive – Financial fraud

Threat Indicators Summary

  • The domain name was registered by Google LLC.
  • Domain name registration date: 16-01-2023
  • The website domain name resolves to the IP address 34.27.60.58
  • The IP address 34.27.60.58 belongs to AS396982
  • The website prompts for the client ID and password at sign-in
  • In the password field, the eye icon does not work, and the page accepts an invalid Client ID and password
  • The "Forgot Client ID" and "Forgot password" links return a 404 error page
  • The phishing website accepts incorrect login credentials and redirects to the mycommbank[.]account-verify[.]app/default2[.]php page.
  • That page asks the user to enter their credit/debit card details. It accepts incorrect details and redirects the user to the mycommbank[.]account-verify[.]app/thanks[.]php page
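
An added example (not part of the original report or of SDINET): a hostname heuristic for proxy or DNS logs that flags the pattern seen in this indicator, a bank brand token placed in a subdomain of an unrelated registrable domain. The allowlisted domain commbank.com.au, the keyword lists, and every sample input except the reported hostname are assumptions.

```python
import re

# Assumptions (not from the report): the legitimate registrable domain and
# the keyword lists. Tune both for your own environment.
OFFICIAL_DOMAINS = {"commbank.com.au"}
BRAND_TOKENS = ("commbank", "netbank", "commonwealth")
LURE_TOKENS = ("verify", "secure", "account", "login", "update")

def hostname(indicator):
    """Refang a defanged indicator and return its lowercase hostname."""
    s = indicator.strip().replace("[.]", ".")
    s = re.sub(r"^hxxp", "http", s, flags=re.I)
    s = re.sub(r"^[a-z][a-z0-9+.-]*://", "", s, flags=re.I)
    return s.split("/")[0].split(":")[0].lower().rstrip(".")

def is_official(host):
    """True only if host is an official domain or a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in OFFICIAL_DOMAINS)

def assess(indicator):
    """Return (hostname, reasons); an empty reasons list means not flagged."""
    host = hostname(indicator)
    reasons = []
    if is_official(host):
        return host, reasons
    labels = host.split(".")
    if any(tok in label for label in labels for tok in BRAND_TOKENS):
        reasons.append("brand token outside official domain")
        # Lure words alone are too noisy; count them only alongside a brand token.
        if any(tok in label for label in labels for tok in LURE_TOKENS):
            reasons.append("lure keyword in hostname")
    return host, reasons

# Constructed sample input; only the first entry comes from the report.
SAMPLES = [
    "mycommbank[.]account-verify[.]app/default2[.]php",
    "https://www.commbank.com.au/",
    "commbank.com.au.login.example",   # official name used as a prefix
    "account.example.org",             # lure word but no brand token
]

if __name__ == "__main__":
    for item in SAMPLES:
        host, reasons = assess(item)
        verdict = "FLAG: " + "; ".join(reasons) if reasons else "ok"
        print(f"{host:40} {verdict}")
```

The suffix check in `is_official` is what keeps a hostname that merely starts with the official name from being treated as legitimate.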

At the time of writing, our security researchers are continuously monitoring our threat intelligence platform SDINET to map the attacker's infrastructure, phishing websites, and malicious domain names.
