CommBank Phishing Scam

I have been an advocate of ensuring you know what you are doing, and double-checking everything before acting on it, so you don’t fall foul of phishing scams.

I can’t be more adamant about this, as you don’t know who is out there trying to get your hard-earned cash.

Back Story

Earlier this week, I was phoned by a call centre claiming to be from the Australian Tax Office (ATO) with a recorded message saying that I had outstanding debts and was also implicated in Tax Fraud, and that there was a warrant out for my arrest. I knew this was a scam, as I have been targeted 4 times before, as well as another family member.

Anyway, I wasn’t going to let this go unanswered, so I rang the number back, strung them along for a little while, then mentioned I worked for the Australian Federal Police (which of course I don’t). This is where the abuse started – they realised they had been caught out, and let loose with foul language that I won’t even repeat. For the next 3 hours, I repeatedly redialled the number, and just left the line open until they hung up. Occasionally, I would engage them by saying I was returning a call – and when they asked for my name, giving them a fictitious name – which threw them for a loop as it wasn’t the name they had against my service number (they’ve obviously scraped the details from somewhere).

Finally, they got that sick of me that they actually blocked my number.

The reason I did this is that while I had them on the line, it was one less person they were talking to, and, depending on where they are located, if they were overseas it was costing them money in the local to international call costs. It wasn’t costing me any more, as my phone plan has unlimited mobile to national landlines at no extra cost.

The Story

Well, I fell victim to a phishing scam. Yes, even the best of us do things without thinking. I got an SMS on my mobile (smartphone) with a link to a website. I naturally didn’t think twice, as I thought it was from the bank, and followed through.

The basis of the SMS was that the Commonwealth Bank was testing their SMS and needed me to do some checks, which included me giving them my mobile number, then a special code. The first clue should have been that they were asking for my mobile number – but it didn’t click. Did what they asked, and didn’t think twice about it. Yep – was busy, and didn’t really think.

Anyway – what I had done was give someone enough information to try and do a cardless transaction at an ATM. Anyway, I guess they tried to withdraw more than the account had, and Commonwealth Bank put a stop on my account and sent me an email, which meant I needed to go to the nearest branch and deal with it.

What it means:

  • They will need to close the account.
  • Create a temporary account.
  • I submit a Statutory Declaration saying someone tried accessing my account without my express permission (i.e. phishing scam).
  • CommBank opens a new account.
  • New Cards (possibly).
  • And any direct debits / scheduled transactions need to be changed.

In short, with financial institutions especially, if you get an SMS with a link to a web page to test things, check with them before you do it. They usually have this sorted before going live. Even the best of us can slip up.