Banking Email Scams

phishing

Just a little write-up while waiting on the phone to speak with the bank in question. I received an “email from my bank” today which I suspect many others have seen, or will see.

As you can see, my mail server identified it correctly as spam, and my main mail client doesn’t show HTML by default, so I won’t normally see any fancy rendering like this; I had to open it in the mail client on my phone to see it the way most people will see it.

As you can see, at first glance, it’s an email from my bank.

[Image: Phone Email Screenshot]
[Image: Phone Email]

I WOULD NOT RECOMMEND CLICKING ON ANY OF THE FOLLOWING LINKS!

I went ahead and started pulling it apart. Hovering over the link, we can see that it will take you to

“https://ritaspizzaportsmouth.com/logon/validate.php??”

[Image: Long press on “More Details” button]

[Image: Pizza place Logon Page]

(Yeah, don’t go there. I did, but in a Kali VM through a VPN and proxy chain, etc.) The URL will show up as

“https://linktr.ee/Commonwealthnetaustrlaia??”

Note the “linktr.ee” and misspelling of “austrlaia”.

If you cut off the section at the end and just go to

“https://ritaspizzaportsmouth.com/”

[Image: Pizza Place]

you will probably just be hungry.

So on the pizza logon page if you hover over the “Log on to Netbank” button you’ll see that it takes you to

“https://www.zimyellowpage.com/Commonwealth-Bank/log-in/validate.php”

which is Zimbabwe Yellow Pages. If you search for Commonwealth Bank on

“https://www.zimyellowpage.com/”

[Image: Zimbabwe Yellow Pages]

it can’t find it. But the “log-in” link takes you to a fake Commonwealth Bank login page where the URL shows as

“https://logon-to-netbenk-mycommbenk-australia-netlogonaspx.live/log-on/”

[Image: Fake CommBank Login screen]

“netbenk-mycommbenk” should probably be a hint here, but you do need to know to be looking for it. At least they spelled it “australia” this time.

What can we take away from all of this? Well, it shows some of the limitations of a smartphone, which makes it harder to see what those big friendly buttons actually link to. If you long press on them, you should be able to see the real links.

The size of the screen and the settings of your phone browser can make it harder to spot the typos that should be red flags.
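As an added example (not from the post), a small Python script that does for a mail body what the long press does by hand: it pulls the real host out of every link, lets the bank’s own domain through, and flags any other host carrying a brand word that is exact or off by a letter or two, which catches “netbenk” against “netbank”. The bank domain is the commbank.com.au link at the end of the post; the sample HTML and its button text are constructed.

```python
import re
from urllib.parse import urlsplit

# Constructed sample body modelled on the email in the post (not the real message):
# the hostnames are the ones quoted above, the button text is invented.
SAMPLE_EMAIL_HTML = """
<a href="https://ritaspizzaportsmouth.com/logon/validate.php??">More Details</a>
<a href="https://logon-to-netbenk-mycommbenk-australia-netlogonaspx.live/log-on/">Log on to Netbank</a>
<a href="https://www.commbank.com.au/support/security/sms-phishing-scams.html">Security centre</a>
"""

LEGIT_DOMAINS = ("commbank.com.au",)  # the bank's real domain, taken from the link at the end of the post
BRAND_TOKENS = ("commbank", "netbank", "commonwealth", "australia")  # words a lookalike host imitates

def extract_links(html):
    # (visible text, href) pairs; a small regex is enough for a simple mail body like this one
    pairs = re.findall(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', html, re.I | re.S)
    return [(re.sub(r"<[^>]+>", "", text).strip(), href) for href, text in pairs]

def edit_distance(a, b):
    # Levenshtein distance: "austrlaia" vs "australia" is 2, "netbenk" vs "netbank" is 1
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_host(host):
    # Returns ('legit' | 'suspicious' | 'unrelated', reasons): the bank's domain or a subdomain
    # of it passes; anything else is scanned label by label for exact or misspelt brand words.
    host = host.lower()
    if any(host == d or host.endswith("." + d) for d in LEGIT_DOMAINS):
        return "legit", []
    reasons = []
    for label in re.split(r"[.-]", host):  # 'logon', 'to', 'netbenk', 'mycommbenk', 'australia', ...
        for tok in BRAND_TOKENS:
            if label == tok:
                reasons.append(f"brand word {tok!r} in a non-bank domain")
            elif edit_distance(label, tok) <= 2:
                reasons.append(f"{label!r} looks like {tok!r}")
    return ("suspicious" if reasons else "unrelated"), reasons

def audit_email(html):
    report = []
    for text, href in extract_links(html):
        host = urlsplit(href).hostname or ""
        verdict, reasons = classify_host(host)
        report.append({"text": text, "host": host, "verdict": verdict, "reasons": reasons})
    return report
```

Run `audit_email(SAMPLE_EMAIL_HTML)` and the pizza site comes back “unrelated”, the “.live” host “suspicious” (misspelt “netbank” plus the brand word “australia”), and the real commbank.com.au link “legit”; a mail client could grey out every button that is not “legit”.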

Email from my bank, or any type of message from an entity that I have a financial relationship with, is something that I always add a bucket of salt to. At the very least, just take your time with these things. Putting things off can often be a superpower. Most scams rely on scaring you into rushing so that you miss things that you might otherwise notice.

If your website is not properly locked down, you can end up hosting nefarious pages such as these. The pizza place and the yellow pages site are almost certainly not “in” on any of this; they most likely just had poor security, which is now allowing scams like this to operate.

And primarily, DON’T JUST CLICK ON LINKS IN EMAIL!

A hopefully helpful link:

https://www.commbank.com.au/support/security/sms-phishing-scams.html