The Surgery | The doctor is IN


On Tech Talk Radio this week we spoke about the current onslaught of “Commonwealth Bank” hoax emails, requesting or “phishing” for account details or personal information.

Source: Commonwealth Bank

Normally I wouldn’t give these schemes the time of day, but the size of this current campaign bombarding our mail servers is enormous.

The ‘real’ Commonwealth Bank site says:

“The Commonwealth Bank does not send emails requesting you to confirm, update or disclose your confidential banking information.”

Well that sounds pretty simple, doesn’t it?

The problem is that unscrupulous spammers are riding the wave of the Commonwealth’s success, registering similar or deceptive domain names and sending hundreds of thousands of spam messages, in an effort to elicit a response from unwary Commonwealth customers.

Messages purporting to be from the following domains have all tried relaying through my mail server in the last 24 hours:

commbiz.commbank.com.au
commonwealths.com
commbank.au.com
bankofthecommonwealth.com
thecommonwealth.org
commbnk.com
commbank.net.au

…and the list goes on.

Fortunately SpamAssassin seems to be knocking them all on the head, by my server at least.

But not all mail servers run real-time anti-spam software, and lots of servers are delivering these messages.
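For a server without that kind of filtering, a first-pass triage of the sender domains listed above could look like the following. This is an added example, not code from the original post or from SpamAssassin; it assumes `commbank.com.au` is the bank's genuine domain, and the names `classify`, `triage` and the 0.85 similarity threshold are illustrative choices.

```python
from difflib import SequenceMatcher

# Assumption (not stated in the post): the bank's genuine mail domain.
LEGIT = "commbank.com.au"
# Brand strings a lookalike domain is likely to embed or misspell.
BRAND_TOKENS = ("commbank", "commonwealth")
# Assumed similarity cut-off for near-miss spellings such as "commbnk".
THRESHOLD = 0.85

# Sender domains listed in the post.
SEEN = [
    "commbiz.commbank.com.au",
    "commonwealths.com",
    "commbank.au.com",
    "bankofthecommonwealth.com",
    "thecommonwealth.org",
    "commbnk.com",
    "commbank.net.au",
]


def classify(domain):
    """Return 'claims-legit', 'lookalike' or 'unrelated' for a sender domain."""
    d = domain.strip().lower().rstrip(".")
    if d == LEGIT or d.endswith("." + LEGIT):
        # The name is genuine, but a From: header is trivially forged, so the
        # message still has to pass SPF/DKIM/DMARC before it is trusted.
        return "claims-legit"
    for label in d.split("."):
        for token in BRAND_TOKENS:
            if token in label:
                return "lookalike"  # brand string embedded in another domain
            if SequenceMatcher(None, label, token).ratio() >= THRESHOLD:
                return "lookalike"  # near-miss spelling of the brand
    return "unrelated"


def triage(domains):
    """Map each domain to its classification."""
    return {d: classify(d) for d in domains}


if __name__ == "__main__":
    for name, verdict in triage(SEEN).items():
        print(f"{verdict:13} {name}")
```

Six of the seven listed domains come back as `lookalike`; `commbiz.commbank.com.au` comes back as `claims-legit`, which is the case name matching cannot settle and sender authentication has to.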

Technology journalist Angus Kidman, writing for APC Magazine, says that the sheer variety of messages means that many anti-spam services are finding it impossible to identify all the problem emails, even if their text sounds familiar and seems easy to detect. He also reports that, according to email security vendor MessageLabs (a division of Symantec), more than 22 different core messages were being sent out en masse in the first week of the campaign, with more than 11 variants.

Read the APC article here.

So what can you do to combat the problem?

  • Make sure you’re running anti-spam software, and a good email client (like Mozilla Thunderbird, NOT like Microsoft Outlook Express) that detects and quarantines spam;
  • DON’T CLICK ON or RESPOND TO spam emails – doing so just verifies to the spammer that your email address is legitimate and active, and invites a thousand-fold increase in spam to your email address;
  • Never disclose personal information or credit card details online, unless you’re 100% confident about the security of the website you’re visiting.  Always double-check SSL certificates and the website address in your web browser’s title bar.

If in doubt, don’t click!
