Help & support
Keeping your accounts safe is our priority. Find out more about how to recognise hoaxes and what to do if you see one.
The below emails and SMS messages, which have been reported, are not from CommBank and are not authorised by us.
We are aware of new phishing emails pretending to be from CommBank, claiming that a new mobile phone or phone number has been linked to a customer’s account. The goal of these phishing emails is to collect credit card and NetBank login information.
These messages use scare tactics by suggesting that a newly registered phone or phone number can now seamlessly transact to and from linked CommBank accounts, or that a NetBank password has been changed, or that a transaction has been disputed. Anticipating the immediate anxiety that this is likely to cause you, the scammers have included a phone number that can be called for assistance; however, when phoned, the scammer will then claim your accounts need to be secured by providing a credit card number. The scammer then asks for the numbers to be typed on a mobile phone keypad, allowing them to record the sounds made by the phone and steal the credit card information to conduct fraud.
These are not legitimate communications from CommBank. Do not call the phone number in the email, click on any links or respond to the sender. If you are ever unsure of a message you have received claiming to be from us, visit http://www.commonwealthdubai.com/contactus to find legitimate numbers you can call to speak to us directly. If you use the CommBank app, you can request CallerCheck be used as a way to verify you are speaking with the bank.
Both business and retail customers are currently receiving calls from scammers claiming to be CommBank staff and the CommBank fraud department.
These scammers are extremely convincing and will send a fraudulent SMS impersonating CommBank with a fake authorisation code to “verify” your identity. They will then ask you read out the fake authorisation code in order to confirm your identity.
CommBank will never send you an SMS to verify your identity and will never ask you to provide your passwords, NetCodes or tokens.
If you get an unexpected call from CommBank you can ask us to use CallerCheck to verify it’s us.
We're aware of an email currently circulating, that urges customers to confirm their identity by logging on to NetBank directly from a link in the email.
This is not a legitimate CommBank communication. Do not click the links or reply to the sender.
Always be suspicious of any message that asks you for sensitive information via email.
A CommBank/CommBiz themed scam is currently operating where scammers are cold calling customers, particularly businesses, pretending to be from CommBank or CommBiz support and advising of a problem with their internet banking.
Customers are then being directed to a Live Chat site, which is a fraudulent duplicate of the CommBank website with hyperlinks that will install remote access software on the customer’s computer, allowing the scammer to take control of it while they talk the customer through providing them necessary details to complete payments.
Important points to note, we will never:
Request remote access to a customer’s computer
Ask customers to provide us with a Netcode or code from a CommBiz token
Ask for any password
Instruct customers to make a transfer
Should you receive a call from someone claiming to be from the bank that is suspicious, hang up and call back on a known number such as your relationship manager, or one of the methods at Contact us - CommBank.
If you get an unexpected call from CommBank you can ask us to use CallerCheck to verify it’s us.
Scammers often impersonate widely used services such as DocuSign to steal credentials and gain unauthorised access to accounts. To increase the credibility of these impersonations, attacks may include names of bank staff. These emails are not from CommBank.
If the email is unexpected, and the layout and branding is inconsistent with DocuSign, it could be a scam.
If you're ever unsure whether an email is legitimate, contact us www.commonwealthdubai.com/contactus or through your Relationship Manager. If you think an email might be a scam, report it to us by forwarding to hoax@cba.com.au, then delete the message.
For more information about how to recognise DocuSign fraud visit https://www.docusign.com.au/blog/how-docusign-users-can-spot-avoid-and-report-fraud
Scammers are posting advertisements on social media, particularly on Facebook, Instagram, WhatsApp and YouTube.
The advert claims to use AI to generate passive income from an initially modest investment and deliver large returns. The scammers often claim you can make between $1000 - $5000 a day from an investment of $350.
The scammers will create a fake trading profile that looks legitimate, and will ask you to begin with a small investment. They'll show you fake returns on your investment, then ask for more money, often through cryptocurrency.
The scammers misuse well-known news brands and the CommBank brand to try and legitimise their scam. Scammers have even used fraudulent, AI generated videos of CommBank CEO Matt Comyn, and others, to try and convince people to invest.
CommBank urges you to be sceptical of any opportunity that seems too good to be true. Always Stop, Check and Reject if in doubt. You can validate the authenticity of any investment product offered by CommBank by contacting us directly through our official phone numbers, which can be found on our Contact us page. You can also review our investment scams information to learn more about recognising these scams.
Be on the lookout for an SMS scam falsely claiming to be from CommBank.
The SMS requests recipients to call regarding a newly completed transaction.
This is not a legitimate CommBank communication. Do not click any links, call the number in the message, or reply to the sender.
If you are ever unsure as to a communication’s authenticity, utilise one of the methods shown on www.commonwealthdubai.com/contactus to call a CommBank number you know to be legitimate in order to speak with us.
Beware of email and SMS scams reporting to be from CommBank.
These are not legitimate CommBank communications. Do not click the links, call or reply to the sender.
We will never ask you to log on or provide sensitive information via a link in an email or SMS.
Both business and retail customers are currently receiving calls from scammers (often with UK/British accents) claiming to be Commonwealth Bank staff.
These scammers are extremely convincing and will often:
Whilst our fraud team may contact you to verify a transaction, we’ll never ask you for sensitive banking details such as NetBank or CommBiz token/passwords, PIN’s or NetCodes. We’ll also never ask you to transfer money, download software or get you to login via a link sent through email or SMS.
If you are speaking to someone claiming to be from Commonwealth Bank, whether they seem to be legitimate or not:
If you receive a call from anyone claiming to be from the Commonwealth Bank, request they use CallerCheck to identify you. If you do not have the CommBank app and are unsure if the caller is legitimate, hang up and contact us via www.commonwealthdubai.com/contactus to verify.
Scammers have recently published a fictitious website impersonating Commonwealth Bank’s subsidiary – Securitisation Advisory Services Pty Ltd (ACN 064 133 946) (AFSL 241216) to promote the sale of scam investment products, including treasury and corporate bonds.
To attract potential victims, the scammers have created this fake price-comparison website, offering to provide investors with information on the best rates for various products. Potential investors who leave their personal details on the site are very likely to receive a call from the scammers. The caller will impersonate as a staff member working for Securitisation Advisory Services. They will supply the potential investor with good quality documents containing details of the proposed investment, which will usually provide a greater return than an equivalent legitimate product in the market. The fictitious website used for this scam is ‘sas-invest.com’.
Commonwealth Bank urges you to review carefully before proceeding when considering any investment opportunity. Always Stop, Check and Reject if in doubt. You can validate the authenticity of any investment product offered by Commonwealth Bank by contacting us directly through our official phone numbers, a full list of which is provided on our Contact us page. You can also review our investment scams information to learn more about recognising these scams.
A large number of CommBank-themed phishing messages and emails are currently in circulation.
These fraudulent communications urge recipients to click on a link by informing them of unusual or unexpected activity on their accounts, such as unexpected logins, registered devices, Netcodes, and payments.
These are not legitimate CommBank communications. Do not click the link or reply to the sender.
Here are some of the current scam trends and tactics that we’re seeing affecting our customers.
AUSTRAC has issued a news release regarding scams impersonating AUSTRAC and FIU. There have been reports of scammers calling members of the public, posing as AUSTRAC or FIU investigators. The scammers state that the individual’s bank account was used for money laundering and is now under investigation. The scammers advise that AUSTRAC will put a hold on their account and asks them to transfer their money into another account for ‘safe-keeping’.
AUSTRAC will never tell you we are putting a hold on or freezing your bank account. These scams attempt to trick you into moving or paying money, or giving out your personal information. Scammers often pretend to be from trusted organisations like AUSTRAC.
If you think a call claiming to be from AUSTRAC or any other organisation is not genuine, remember to Stop, Check, and Reject and if you are ever unsure, please ask someone you trust or contact the organisation the call claims to be from - do not engage with the scammer.
For further information you can visit: Be aware of scams impersonating AUSTRAC and FIUs | AUSTRAC
If you receive a message claiming to be from a postal delivery service requesting you click on a link for an undelivered package or to rearrange delivery, do not click on any links and delete the text.
Scammers are sending texts that appear to be from postal delivery services. These messages contain links to websites impersonating postal delivery services and ask you to input information such as your NetBank ID, password, card details and NetCodes to pay for a redelivery fee. If you receive a message like this, don’t click the link or share your personal information. If you need to check the status of a delivery you have requested, you could instead use the secure app provided by your postal delivery service or refer to their website for more information.
We’ve seen an increase in scams where scammers claim to be from a government organisation and/or the police and advise victims that they’ve been involved in illegal activity such as money laundering. Scammers create a sense of urgency by making threats of arrest, police investigation or other serious penalty. Often, scammers will specifically target overseas nationals in Dubai, and may threaten deportation or visa cancellation. As well as seeking money, scammers will often attempt to obtain passports, visa numbers, and other forms of ID. Scammers will falsely provide ID numbers for cases and transfer to fake government organisations to support the legitimacy of the scam. Scammers then demand the victim to transfer money to international bank accounts and other unusual methods such as cryptocurrencies like bitcoin, cardless cash, cash deposits, international money transfers and gift cards/store cards for their bail. Often, these scammers create fear through ensuring the victim has regular contact with the scammer to track their actions, whereabouts and who the victim is talking to. Victims can also be made to contact relatives overseas and fake their kidnapping in order to obtain more funds.
If you receive a message like this, don’t click any links or share your personal information. Hang up, delete the message and stop contact with the scammer. View more information on threat and penalty scams and download our threat and penalty scam factsheet (PDF)
If you receive a message claiming to be from Linkt toll services requesting payment for an overdue bill or to fix an issue with your account, do not click on any links and delete the text.
Scammers are sending texts that appear to be from Linkt toll services. These messages contain links to fake websites and ask you to input information such as your NetBank ID, password, card details and NetCodes. If you receive a message like this, don’t click the link or share your personal information. Delete the message and contact linkt.com.au directly to check whether the message is legitimate.
Currently, people who are selling items on Facebook marketplace or gumtree are being targeted by scammers requesting payments to be made to “PayID” to settle fake overpayments, “upgrade” or “unlock” their accounts.
PayID will never contact you directly. If you encounter any issues with PayID please contact your bank.
Signs it’s a scam:
You receive an email claiming to be from PayID advising you have been paid, but no money appears in your bank account.
You are asked to pay money in order to settle an overpayment or to “unlock” or “upgrade” your account.
You are contacted by someone claiming they cannot pick the item up themselves and will have a family member do so on their behalf.
You are asked to receive payment via PayID, but also asked for your email address or other irrelevant contact information.
There are a number of websites popping up which claim that you can earn money by completing tasks on that website. The tasks involve the victim using their own money to purchase products and services to boost seller’s visibility and/or ratings. Some examples are writing reviews for hotels or purchasing products from an alleged amazon or eBay seller. Payments for these products/services are to a BSB and account number provided. The idea is the victim will be paid a commission however, this may never come or very little will be received, but what is clear is you will not receive what is promised.
Scammers are reaching out to unsuspecting victims via WhatsApp and Telegram however, there are also advertisements circulating on Instagram and Facebook. Remember if something seems too good to be true, it often is. If you are approached or come across an advertisement that sounds like the above, remember to Stop, Check, and Reject and if you are ever unsure, please ask someone you trust or contact the organisation the message claims to be from.
Ceba can help you lock your card or securely connect you to a specialist in the CommBank app.
Fast-track your call, see expected wait times and connect with a specialist in the CommBank app.
Send us a copy or screenshot if you receive a hoax email or SMS.
