Don’t Be Fooled By This Sneaky Commonwealth Bank Phone Scam

Recently, scammers have been targeting Commonwealth Bank customers through an elaborate phone scam. This scam involves robocalls, text messages, or direct phone calls pretending to be from Commonwealth Bank. The scammers claim the victim is approved for a loan, past due on a debt, or needs to approve a large transaction. They then provide a fake 888 or 844 number and ask the victim to call back. However, the provided numbers connect directly to the scammers themselves. This tactic allows the criminals to establish a fake connection to Commonwealth Bank and exploit trusting victims.

This article will provide a thorough examination of the Commonwealth Bank phone scam and equip readers with the knowledge to avoid becoming victims.

scam 4

Overview of the Scam

The Commonwealth Bank phone scam relies on two key strategies: impersonation and urgency. By pretending to be Commonwealth Bank, the criminals establish legitimacy and leverage the bank’s reputation. References to loans, debts, or unusual account activity create an air of urgency and pressure victims to act quickly without thinking. This combination results in people blindly following the scammer’s instructions without realizing it is a scam.

Once contact is made, the scammers direct victims to call the provided 888 or 844 numbers. However, this connects them directly to the criminals. The scammers then use various pretenses to gain remote access to the victim’s computer and accounts. From there, they can steal personal information, money, and even commit identity theft.

It is an elaborate scheme designed to exploit people’s tendency to trust banks and act quickly when they believe their finances are at risk. Awareness is critical, as these social engineering tactics can fool even savvy individuals. Falls victim once, the financial and personal ramifications can be devastating.

Tactics Used

Here are the key tactics used in the Commonwealth Bank phone scam:

  • Robocalls – Pre-recorded messages claiming to be Commonwealth Bank. Using robocalls allows mass targeting of potential victims.
  • Live Calls – If the victim answers, the criminals pose as Commonwealth Bank employees.
  • Caller ID Spoofing – The incoming calls often appear to be from a legitimate Commonwealth Bank phone number or location. This convinces victims the call is real.
  • Fake 888 & 844 Numbers – Provided numbers route directly back to the criminals but appear separate from the initial call.
  • Urgency – Claiming issues like unusual account activity or overdue debts to pressure immediate action.
  • Impersonation – Pretending to be from Commonwealth Bank lends legitimacy.
  • Remote Access – Getting access to a victim’s computer is the end goal to steal financial information and money.

Losses Reported

The average loss from this scam is approximately $700 per victim. However, losses have ranged from $100 to as high as $30,000 in some cases. The total financial impact is estimated to be well into the millions.

Beyond direct financial losses, this scam also often involves identity theft. With remote access to a victim’s computer, scammers can steal driver’s licenses, passports, social security numbers, and other personally identifiable information. The damage caused by such identity theft can plague victims for years.

Authorities have advised Commonwealth Bank customers who fell victim to call the bank immediately. The bank has teams in place to help respond to such scams and assist affected customers. Quick action is key to limit losses and prevent further identity theft.

How the Scam Works

Now that we have covered the overview, let’s look at exactly how the Commonwealth Bank phone scam unfolds:

Step 1 – Initial Contact

The scammers initiate contact via:

  • Robocall with a pre-recorded message.
  • Personalized cold call from a live scammer.
  • Text message containing alarming claims.

The incoming phone number is often spoofed to appear to come from a legitimate Commonwealth Bank location and phone number. Caller ID spoofing lends credibility to the scam.

Step 2 – Scare Tactic Claims

The criminals will make false claims designed to scare and urge immediate action. These include:

  • You are approved for a new loan or credit limit increase.
  • There is unusual activity on your account.
  • Your account is compromised and at risk.
  • You owe the bank for an overdue debt.
  • You must authorize a large transaction or purchase.

These tactics pressure victims to act quickly and contact the provided 888 or 844 number. If asked for account information, criminals may cite “verification purposes.”

Step 3 – Provide Fake 888 / 844 Number

Once scare tactics create urgency, the scammers provide an 888 or 844 number and instruct the victim to call it immediately. They may claim things like:

  • Call 888 to discuss your new loan approval.
  • Call 844 to review the unusual account activity.
  • 844 can help fix the issues with your account.

These numbers appear separate from the criminals, but in reality route back to them. So when victims call, they are connecting directly with the scammers again and establishing legitimacy.

Step 4 – Fake Security Concerns

After connecting with the provided 888 / 844 number, the criminals create new pretences to continue gaining the victim’s trust. Some examples include:

  • Claiming the victim’s account or identity is compromised.
  • Citing unusual login activity that needs investigation.
  • Stating they detected a security threat on the victim’s computer.

These false security issues allow the scammers to pivot into offering to protect or restore access to accounts.

Step 5 – Remote Access Request

In order to help fix the fake security compromises, the criminals will request remote access to the victim’s computer and accounts, often via tools like AnyDesk. They may say things like:

  • Let us into your computer so we can secure your accounts.
  • We need remote access to resolve this threat and restore account access.
  • To verify your identity and refund fraudulent activity, we need remote access.

This is the key stage. Remote access allows the criminals to steal personal information, financial account details, and money.

Step 6 – Reassure and Pressure the Victim

If the victim expresses any doubt or hesitation, the criminals will continue making reassurances to earn trust. Some examples are:

  • This is our standard procedure for issues like this.
  • I know it’s unusual, but I will guide you through the entire process.
  • We have protocols in place to safeguard your information.

The criminals may also create more urgency to pressure action:

  • Your accounts remain frozen until we can secure them remotely.
  • The faster we act, the sooner we can stop additional fraud or debts from occurring.
  • This issue needs to be resolved immediately before things get worse.

With enough reassurance and urgency, most victims will grant the remote access, giving the criminals control.

Step 7 – Remove Money and Commit Identity Theft

Once inside the victim’s computer and accounts, the criminals act quickly to locate and steal any money or valuable personal data they can find. Common activities include:

  • Look for bank account and routing numbers. Log into bank accounts to steal money via transfers or checks.
  • Access credit card information and make purchases or transfers.
  • Download personal documents like passports and driver’s licenses to enable identity theft.

In some cases, the criminals will also hold the computer hostage via ransomware until the victim pays. Or if they have account logins, they will continue monitoring and stealing over time.

Step 8 – Cut Contact

After stripping money and information from the victim’s accounts and computer files, the criminals end the call. In most cases they try to keep the scam going as long as possible to maximize their theft.

Once the criminals have what they want, they quickly cut all contact with the victim. At this point, they have usually committed identity theft, drained financial accounts, and downloaded sensitive files. Damage done, they disappear and move on to the next potential target.

How to Spot This Scam

While the criminals are sophisticated, there are key signs that can help you identify and avoid becoming a victim of the Commonwealth Bank phone scam:

Unexpected Calls or Texts

Be wary of any unexpected calls, voicemails, or texts claiming to be from Commonwealth Bank. The bank would typically only contact you if you have an ongoing matter with them. Cold contacts claiming to be Commonwealth Bank should raise suspicion.

Threats or Urgency

Scammers try to rush and pressure you into acting quickly before you can think. Be suspicious of any urgent threats like account closures, immediate funds needed, or problems requiring fast action. Real banks don’t threaten customers like this over the phone.

Request for Sensitive Information

Commonwealth Bank would never cold call and request sensitive details like passwords, PINs, or full account numbers. Refuse to provide confidential information over the phone.

Asking You to Call a Number

Don’t call any number left in a voicemail or provided in a call/text. Go to Commonwealth Bank’s website and call a verified number to check if the issue is real. Calling any number you are told to is risky.

Remote Access Requests

Reject any request to download remote access software or let an unsolicited caller log into your devices. Commonwealth Bank will never do this. Remote access tools are used by scammers to compromise devices and steal data.

Sense of Urgency

Slow down if you are rushed, told you only have a short window to act, or pressured to keep things secret. This is a scam tactic to bypass your critical thinking.

Stay alert to these signs. When in doubt, hang up and call Commonwealth Bank directly through their official channels to verify any communications. Your vigilance can help protect you from this scam.

What to Do if You Are A Victim of This Scam

If you have fallen for the Commonwealth Bank phone scam and given remote access or disclosed sensitive information, stay calm, but immediately take these steps:

Step 1 – Contact the Bank

If you provided access to any of your Commonwealth Bank accounts or identified yourself as a customer, call Commonwealth Bank urgently. Report you have fallen for a scam involving stolen account access. This will allow them to take measures to secure your accounts.

Step 2 – Change Account Passwords

Assume the criminals have passwords for any accounts accessible from your computer. Change online banking passwords immediately from a different secure device. Avoid using any device the criminals had remote access to.

Step 3 – Alert Your Financial Institutions

Contact your bank, credit card companies, or any other financial accounts you have to report unauthorized access. Request new cards, account numbers, and passwords. This will prevent the criminals from being able to use those accounts. Monitor statements closely for fraudulent activity.

Step 4 – Install Anti-Malware Software

Malicious software may have been installed during remote access. Scan your computer with anti-malware tools to find and remove anything suspicious. Also change all device passwords. Wipe devices completely if malware persists.

Step 5 – Place Fraud Alerts

Since the criminals may have accessed your personal identity information, put fraud alerts on your credit files. This alerts lenders to be on watch for suspicious activity. Do this with Equifax, Experian, and TransUnion.

Step 6 – Reset Security Questions

Security questions and answers could have been revealed. Update these for financial accounts, email, and wherever else they are used. Avoid old answers the criminals may now know.

Step 7 – File Police Reports

File police reports on the identity theft and account fraud. This creates an official record and may help recover losses from banks or insurers. Reports can be filed with local police or online with ReportCyber.

Step 8 – Monitor Accounts Closely

Keep vigilant watch on all your financial accounts over the next few months. Look for unusual transactions, new account openings, or credit inquiries. Report any fraudulent activity immediately to limit losses and prevent additional crimes.

Falling victim to scams like this can be disheartening. But following these steps quickly can help restrict the damage and regain security. Be wary of any further contact attempts by the criminals. Seek support if you need help recovering – you are not alone.

Frequently Asked Questions About the Commonwealth Bank Phone Scam

1. How does the Commonwealth Bank phone scam work?

The scammers initiate contact via robocalls, live calls, or text messages pretending to be from Commonwealth Bank. They make urgent claims of issues like unusual account activity or loan approvals, and provide fake 888/844 numbers for you to call back. However, those numbers connect you right back to the scammers. They then use various tactics to gain remote access to your computer and accounts in order to steal money and personal information.

2. What techniques do the scammers use?

The main techniques include impersonating Commonwealth Bank, faking caller ID, making urgent claims to pressure you, providing 888/844 numbers that route to the criminals, inventing fake security issues that require remote access, reassuring victims, and using remote access tools like AnyDesk to steal money and data.

3. What types of urgent claims might the scammers make?

Common urgent claims include you being approved for a loan, owing money for an overdue debt, suspicious activity on your account, an account compromise, or the need to authorize a large transaction. Anything to create urgency and pressure you to call back.

4. How do the 888/844 numbers work?

The scammers will provide an 888 or 844 number after making the urgent claims and tell you to call it right away. However, despite appearing separate, these numbers actually route directly back to the scammers when you call. So it connects you back to them while giving the appearance of a legitimate return call.

5. What happens when you call the 888/844 number back?

Once you call back and are reconnected, the scammers will invent new fake security issues, like a threat detected on your computer, unauthorized logins, or account compromises. They’ll claim remote access is needed to help fix and protect you. This gets them the access they want.

6. How might the scammers reassure or pressure you?

If you express doubt, they will reassure you it’s just standard procedure and they’ll guide you through it. They may also create urgency by saying your accounts will remain frozen until fixed remotely or that immediate action is required to avoid additional fraud or losses.

7. What are the risks of allowing remote access?

Remote access allows the criminals total control to steal your money, bank and credit card details, personal documents, account logins, and anything else on your computer. This enables them to drain accounts, open new fraudulent accounts, and commit identity theft.

8. What should you do if you fell victim to this scam?

Immediately contact Commonwealth Bank, change your account passwords from a different computer, alert other financial institutions, scan devices for malware, put fraud alerts on your credit, reset security questions, file police reports, and monitor accounts closely for fraudulent activity. Acting swiftly can help limit damages.

9. How can you avoid becoming a victim?

Be wary of urgent claims over the phone, never call the provided 888/844 numbers, do not provide any personal information or account access, and independently verify legitimacy directly via the Commonwealth Bank’s official contact channels – not any numbers provided to you.

The Bottom Line

The Commonwealth Bank phone scam leverages impersonation, urgency, and fake security threats to steal money and identities from unsuspecting Australians. Awareness is the best defense. Look out for urgent claims, requests for remote access, and provided 888 / 844 numbers. Verify legitimacy directly with the bank before providing any information or account access. Those unfortunate enough to fall victim should act swiftly to contact institutions, change account details, and monitor for fraudulent activity. Spreading the word about this scam will help protect more people.

How to Stay Safe Online

Here are 10 basic security tips to help you avoid malware and protect your device:

  1. Use a good antivirus and keep it up-to-date.

    Shield Guide

    It's essential to use a good quality antivirus and keep it up-to-date to stay ahead of the latest cyber threats. We are huge fans of Malwarebytes Premium and use it on all of our devices, including Windows and Mac computers as well as our mobile devices. Malwarebytes sits beside your traditional antivirus, filling in any gaps in its defenses, and providing extra protection against sneakier security threats.

  2. Keep software and operating systems up-to-date.

    updates-guide

    Keep your operating system and apps up to date. Whenever an update is released for your device, download and install it right away. These updates often include security fixes, vulnerability patches, and other necessary maintenance.

  3. Be careful when installing programs and apps.

    install guide

    Pay close attention to installation screens and license agreements when installing software. Custom or advanced installation options will often disclose any third-party software that is also being installed. Take great care in every stage of the process and make sure you know what it is you're agreeing to before you click "Next."

  4. Install an ad blocker.

    Ad Blocker

    Use a browser-based content blocker, like AdGuard. Content blockers help stop malicious ads, Trojans, phishing, and other undesirable content that an antivirus product alone may not stop.

  5. Be careful what you download.

    Trojan Horse

    A top goal of cybercriminals is to trick you into downloading malware—programs or apps that carry malware or try to steal information. This malware can be disguised as an app: anything from a popular game to something that checks traffic or the weather.

  6. Be alert for people trying to trick you.

    warning sign

    Whether it's your email, phone, messenger, or other applications, always be alert and on guard for someone trying to trick you into clicking on links or replying to messages. Remember that it's easy to spoof phone numbers, so a familiar name or number doesn't make messages more trustworthy.

  7. Back up your data.

    backup sign

    Back up your data frequently and check that your backup data can be restored. You can do this manually on an external HDD/USB stick, or automatically using backup software. This is also the best way to counter ransomware. Never connect the backup drive to a computer if you suspect that the computer is infected with malware.

  8. Choose strong passwords.

    lock sign

    Use strong and unique passwords for each of your accounts. Avoid using personal information or easily guessable words in your passwords. Enable two-factor authentication (2FA) on your accounts whenever possible.

  9. Be careful where you click.

    cursor sign

    Be cautious when clicking on links or downloading attachments from unknown sources. These could potentially contain malware or phishing scams.

  10. Don't use pirated software.

    Shady Guide

    Avoid using Peer-to-Peer (P2P) file-sharing programs, keygens, cracks, and other pirated software that can often compromise your data, privacy, or both.

To avoid potential dangers on the internet, it's important to follow these 10 basic safety rules. By doing so, you can protect yourself from many of the unpleasant surprises that can arise when using the web.

Leave a Comment