Go to top of page

Beware of phishing emails with attachments

Priority Level: 
20 October 2017

Scammers are good at recycling tried and true techniques to trick you into providing personal information.

But there is one that is particularly popular at the moment.

Stay Smart Online has recently seen a spate of phishing (spam) emails with PDF attachments that contain a malicious link.

If you click on the link in the attachment you will be asked to provide your personal information, such as your banking credentials.

Most financial institutions, including Commonwealth Bank, will never send messages via email that ask you to confirm, update or disclose personal or banking information.

The emails containing these attachments are less likely to be identified by email security software as potentially malicious as they have no malicious content or links, and the attachment itself does not contain malware.

Examples of scam emails

An example of a scam email currently in circulation purports to be from the Commonwealth Bank and the subject line starts with ‘Action Required - We take serious action to improve our security ...’. It discusses new security procedures and asks the recipient to ‘take a moment to read our secure attachment’. This is an example of the attachment:

Commonwealth Bank scam example

Variations on this scam seen over the last few days include emails from:

  • ‘Apple Service’ with ‘statement information’ and information in an attachment about how to access your Apple account.
  • The ‘PayPal Service’ with the subject line ‘[Statement] Summary - We have sent you an attachment about your account’. The content of the email advises the recipient’s PayPal account has been limited ‘and you now do not have the ability to withdraw funds’. The attachment purports to provide information about how to rectify this problem.
  • A fictional individual with the subject line ‘Hello’ and content ‘I tried to get this to you before, did you ever get it? Click PDF to view and download.’

What to do if you receive one of these scam emails

If you receive fake emails like these delete them immediately. Never click on links or open attachments in an email unless you are sure of the sender.

More information

Watch our videos presented by Marc Fennell on the simple steps you can take to stay safe online. Make sure to share them with your family and friends!

Find out more about phishing scams at Stay Smart Online.