Australian Internet users receive forged message from bank to submit their account number and password via Web page

Incident Date: March 2003
Incident Location: Australia

In March of 2003 Australian Internet users received an official looking email asking them to "reactivate" their Commonwealth Bank account by logging in to the Web site. However, this Web site, while similar to the bank’s (actually at, was created by criminals to trick customers into revealing their account number and password. The criminals then made attempts to remove money from the bank accounts of customers who responded to the request.

At least one attempt to notify the bank of the false email was brushed off by Commonwealth Bank staff. While the email contained several warning signs, such as poor grammar, it bore the bank’s legitimate logo. It was also customary for Bank customers to receive email communications from Commonwealth Bank.

Jeff Smith, a Commonwealth Bank customer, was duped by a similar email scam in January of 2003. Criminals transferred $4,000 from his account after obtaining his account number and password. Mr. Smith said the bank refunded his money.

Story Sources

Title: Internet banking passwords stolen
Author: Kirsty Needham
Date: 3/19/2003
Publication: The Sydney Morning Herald
Publication Location: Sydney Australia
Publication URL:

Do you have additional information to contribute regarding this story? If so, please email with the details and source.

<-- Back to Authentication Story Index

[Home] [About Us] [News] [Research]

Copyright © 2016