Dan Warne, 03 June 2009, 11:23 AM
A phishing scam has reached new levels with Commonwealth Bank customers targeted by fake call centres.
Chances are that if you're on email, you've received many emails claiming to be from the Commonwealth Bank in the last few weeks, offering prizes of up to $500 for participation in surveys, as well as changes to the netbanking login procedure, requests for account detail confirmation and so on.
While these are pretty clearly phishing emails to anyone with technical experience, they are taking phishing to new levels, involving fake call centres with interactive voice systems to capture card details.
An email sent out on 26th May included a phone number in Brisbane to call to unsuspend blocked Maestro cards, but as of today, the number is disconnected. However, another email received this morning has an 08 area code number that is still in operation. According to ACMA, the number is a GoTalk VoIP number, which anyone could have registered over the web using stolen credit card details. (We've tried contacting GoTalk to notify them of this problem but were not able to immediately reach our regular media contacts.)
We called it, and were alarmed that the computer on the other end recognised the fact that we were keying in bogus numbers — an indication that at a bare minimum, it is doing algorithmic validation of the numbers being entered, and in a worst case scenario is operating a live payment gateway system to immediately siphon funds from accounts.
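The "algorithmic validation" inferred above needs no connection to a bank at all. As an added illustration (not from the article, the bank or the scam system), the sketch below assumes the check is the Luhn checksum used on payment card numbers; `check_keyed_entry`, `random_pass_rate` and the sample inputs are hypothetical and constructed.

```python
# Added illustration: the Luhn checksum, the public check-digit scheme on
# payment card numbers. That the scam IVR uses Luhn is an assumption; the
# article only says it performs "algorithmic validation".

def luhn_valid(digits: str) -> bool:
    """Return True if a string of decimal digits passes the Luhn checksum."""
    if not (digits.isascii() and digits.isdigit()):
        return False
    total = 0
    # Walk right to left; double every second digit, subtracting 9 if > 9.
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def check_keyed_entry(keyed: str) -> str:
    """Classify keypad input (hypothetical helper). Purely offline:
    no bank or payment gateway is contacted."""
    digits = keyed.rstrip("#").replace(" ", "")  # drop DTMF terminator/spaces
    if not (digits.isascii() and digits.isdigit()):
        return "reject: non-digit input"
    if not 13 <= len(digits) <= 19:
        return "reject: wrong length"
    if not luhn_valid(digits):
        return "reject: checksum failed"
    return "accept: plausible card number"


def random_pass_rate() -> float:
    """Share of the 10 possible final digits that validate a fixed prefix."""
    prefix = "123456789012345"  # constructed 15-digit prefix
    return sum(luhn_valid(prefix + str(c)) for c in range(10)) / 10


# Constructed inputs: an invented number, a widely published test number,
# and an entry that is too short.
SAMPLES = ["1234567812345678#", "4111111111111111#", "12345#"]

if __name__ == "__main__":
    for s in SAMPLES:
        print(s, "->", check_keyed_entry(s))
    print("share of made-up numbers that pass:", random_pass_rate())
```

Nine in ten made-up numbers fail this check, so a system that rejects bogus entries shows only that it runs a checksum, not that it is connected to a payment gateway.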
The phone call audio
We could not immediately reach Commonwealth Bank spokespeople this morning to find out whether the bank was detecting increased fraud levels in its systems, but the bank has issued a notice on its homepage stating that it never asks people to disclose personal details or banking information by email.
However, the introduction of fake call centres with local phone numbers is a new level of sophistication in phishing, and one that might catch unaware some people who are not familiar with phishing scams.
Credit reference bureau Veda Advantage today released alarming statistics about the rise in identity theft in Australia. The company says 4.4 million Australians are affected by identity theft – an increase of 600,000 people in the past year, with a fraud cost of $3.5 billion annually. The company has released a new $40 per year service called My Veda Alert that alerts people any time their credit file is accessed, which helps detect irregular activity such as credit card applications made by scammers using your details.
It's likely the phishing scam is timed to coincide with the relaunch of Commonwealth Bank's online banking, which is now available on mobile phones with web browsers.