CommBank enlists feds to kill fraud ring

Customers hammered despite warnings

The Commonwealth Bank has engaged the Australian Federal Police to shut down a sophisticated fraud network targeting its customers, which includes a compromised Queensland telephone number.

The phishing attacks have bypassed some spam filters and direct users to imitation Commonwealth Bank Web pages with the promise of tax and credit refunds, or ironically to address purported account security problems.

In one e-mail, users are directed to call a Queensland telephone number which plays a greeting ostensibly from the Commonwealth Bank and prompts them to enter account information to unlock restrictions on their account.

A spokesman for the bank said its security team is liaising with the federal police to identify the fraudsters and shut down the six offending Web sites.

He said the High Tech Crime Centre, part of the federal police, has terminated one Web site.

The bank said it had received calls from hundreds of customers inquiring about the scams, and has issued a warning screen on its Web site to customers.

Security consultancy assurance.com.au director Neal Wise said the Queensland phone number could have been registered with false details despite the requirement for providers to verify identification.

“They have to be able to associate a number to an individual or body corporate, but quite often that information is taken over the phone, and it can be a bit of an honour system,” Wise said.

“VoIP (Voice over Internet Protocol) providers need to collect identification even for an inbound phone service... but the [perpetrators] won't include their home phone numbers and wait for the police to show up.”

One security consultant, who requested anonymity, said a local ISP may have leaked e-mail addresses, as the scams are highly effective at hitting e-mail addresses owned by Australians.

He became suspicious after receiving phishing e-mails in a number of accounts without .au suffixes, and suggests a dodgy ISP employee may have leaked customer data.

“Registration for domain names is so easy, so at best closing a domain would take longer than a week; it depends how cooperative a country's law enforcement is... some countries even encourage ripping off Westerners,” he said.

Sophos head of technology Paul Ducklin said much of the success of the phishing scams is due to a mass spam campaign.

“Some are getting through but loads are being blocked, too. At the same time, I'm not seeing more than the usual number of phishes (blocked or unblocked) against other institutions. Seems to be a concerted, high-volume effort against CommBank's brand.”

An Australian Federal Police spokeswoman confirmed it is working on eliminating the scams and said in a written statement it has noticed a reduction in phishing Web sites over the last 18 months.

“The use of phishing sites and malware is often successful, resulting in a loss of money to the victim or the victim's bank,” she said.

Federal law enforcement is tackling online fraud through the police and industry Joint Banking and Financial Sector Investigation Teams established last year in Melbourne and Sydney.


Comments

1

Harry

Wed 03/06/2009 - 00:20

Bank Scams.

I have three e-mail addresses, all with Bigpond. Yet I get bank spam basically on the one address. I do not know what this means other than the address I use most cops the most spam.
I will leave it to others to judge if what I am doing is safe, but my computer is behind two firewalls and I run PC Tools Internet Security.

It takes two to tango, so if these $#!!& people want to annoy me I consider them to be fair game. So I e-mail them back with a set of phoney bank details, which I have even automated to automatically send every five minutes or so.
As I do not have accounts with the banks they are targeting they can't get at my cash.

I figure if enough people do this they will be flooded with useless data which they then have to check out to see if it is kosher or not, and they will soon find themselves wasting more time and money than they can afford.

By the way, I get e-mails purporting to be from Netbank, Rabo Bank, Commonwealth Bank, Westpac, ANZ and Bendigo Bank.
Now if only they had a fax machine I could put mine on continuous resend and drown them in paper.

2

Another Anonymous

Thu 04/06/2009 - 00:24

Bank scams.

The biggest end-user mistake is to think that they understand the scam that is being played. The scam could be the one you think of, or the scammers might have a completely different angle. Playing along is for idiots. Any response takes you one step closer to being a victim. Scammers aren't illiterate chumps, even though they sometimes want you to think that. Scamming is a bigtime organised crime. These guys are pros. I can't say it enough, playing along is for idiots.

3

Anonymous

Wed 02/09/2009 - 18:11

That's a pretty good idea; these guys are cold-hearted predators. The oink-oink can track them etc. but can't really do much if they are not in Australia. People need to fight back and make it difficult for them; in doing so you are protecting vulnerable people and at least making the business of ripping people off more expensive.
