M86 Security Labs

Australian Banks and Taxpayers Phished

 

June 26, 2009

We have been receiving various phishing emails targeting Australian banking sites, as well as bogus tax refund notifications. Phishers are currently targeting financial firms such as the Commonwealth Bank of Australia, Credit Union Australia and St. George Bank. The social engineering tactics used in these phishing emails lure unsuspecting users by informing them of an unread message in their online banking mailbox, or by asking them to re-confirm account information.

1. Commonwealth Bank phishing email:

 

2. Credit Union Australia phishing email:

 

3. St. George Bank phishing email:


The web servers hosting the phishing pages appear to be hacked legitimate websites, and most of the time the PHP script sits inside the "appserv" folder.
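A mail-filter heuristic built on that observation, as an added example that is not part of the original post: it extracts links from an HTML email body and flags those that point at a PHP script under an "appserv" directory on a host outside a trusted list. The host names, the `TRUSTED_HOSTS` list and the sample message are constructed assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit, unquote

# Assumption: domains the organisation treats as the banks' real sites.
# These values are constructed placeholders, not taken from the post.
TRUSTED_HOSTS = {"bank.example"}

class LinkCollector(HTMLParser):
    """Collect href values from <a> tags in an HTML email body."""
    def __init__(self):
        super().__init__()
        self.links = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.links.extend(v for k, v in attrs if k == "href" and v)

def is_appserv_php(url):
    """True if the URL points at a PHP script under an 'appserv' directory
    on a host outside TRUSTED_HOSTS."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if parts.scheme not in ("http", "https") or not host:
        return False
    if host in TRUSTED_HOSTS or host.endswith(tuple("." + h for h in TRUSTED_HOSTS)):
        return False
    # Decode percent-escapes and compare case-insensitively so that
    # '/AppServ/' and '/%61ppserv/' are matched as well.
    segments = [s for s in unquote(parts.path).lower().split("/") if s]
    return "appserv" in segments[:-1] and segments[-1].endswith(".php")

def flag_links(html_body):
    """Return the links in an HTML email body that match the pattern."""
    collector = LinkCollector()
    collector.feed(html_body)
    return [u for u in collector.links if is_appserv_php(u)]

# Constructed sample message body (not a real phishing email).
SAMPLE_BODY = """
<p>You have 1 unread message in your online banking mailbox.</p>
<a href="http://hacked-site.example/AppServ/www/login.php?id=1">Read message</a>
<a href="http://hacked-site.example/%61ppserv/update.php">Confirm account</a>
<a href="https://www.bank.example/appserv/help.php">Help</a>
<a href="http://shop.example/products/appserv.php">Unrelated</a>
"""

if __name__ == "__main__":
    for link in flag_links(SAMPLE_BODY):
        print("suspicious:", link)
```

A match is a reason to look closer, not a verdict, since a legitimate site can also serve PHP from an "appserv" folder.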

 

It's not only Australian e-banking users that are being targeted by phishers. While Australians are busy lodging their income tax returns, phishers are also busy with bogus tax refund spam campaigns intended to phish taxpayers' credentials and sensitive data.

 

 

 


Last Reviewed: June 26, 2009 by Rodel Mendrez