Commonwealth Bank customers warned over ‘red flag’ scam email
A whopping 15 million Aussies are being urged to check their emails and bank accounts to make sure they haven’t fallen victim to a new and sophisticated scam.
A whopping 15.9 million Australians have been warned to look out for an email that could see their bank account details stolen.
Late last week, MailGuard warned that Commonwealth Bank (CBA) customers had received phishing emails trying to trick them into giving away their logins and passwords.
The message from scammers appears to be from CBA, so much so that MailGuard said in a statement “busy and distracted recipients who don’t take care to think twice, could be forgiven for thinking the email is legitimate”.
MailGuard is working hard to block the email so it never even reaches users’ inboxes.
The cyber criminal is coaxing customers into handing over their banking information under the pretence of their account being “temporarily locked” or “suspended”.
A box comes up to input your login information — when in reality you would be giving this personal information directly to the scammer.
The email’s subject line is ‘[Alert] Confirm your Netbank account (Case ID #AU 0PPC001701)’.
Convincingly, the sender name is displayed as ‘Commonwealth Bank’ and is accompanied by an authentic sounding sender email address of ‘customerassist@cba.com.au’.
The actual sender email address is ‘whulk@whulk.com’.
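The mismatch between the address a reader sees and the real sender can be checked mechanically. The Python below is an added example, not code from MailGuard or CBA: it assumes the bank-looking address sits in the display text of the From header, and the sample headers, the brand-name list and the domain allowlist are constructed for illustration.

```python
import re
from email.utils import parseaddr

# Assumption for this example: domains the bank legitimately sends from.
BRAND_DOMAINS = {"cba.com.au", "commbank.com.au"}
# Assumption: words in the display text that claim to be the bank.
BRAND_NAMES = ("commonwealth bank", "commbank", "netbank")

# Captures the domain of anything that looks like an address inside text.
ADDR_IN_TEXT = re.compile(r"[\w.+-]+@([\w-]+(?:\.[\w-]+)+)")


def _in_domains(domain, allowed):
    """True if domain equals, or is a subdomain of, an allowed domain."""
    return any(domain == d or domain.endswith("." + d) for d in allowed)


def check_from_header(from_value):
    """Return a list of red-flag strings for one From header value."""
    display, addr = parseaddr(from_value)
    real_domain = addr.rpartition("@")[2].lower()
    if not real_domain:
        return ["unparseable From header"]
    flags = []
    # Flag 1: the display text shows an address on a different domain
    # from the one the message actually names as sender.
    for shown in ADDR_IN_TEXT.findall(display):
        if shown.lower() != real_domain:
            flags.append(
                f"display text shows @{shown.lower()} but sender is @{real_domain}")
    # Flag 2: the display text claims the brand, the sender domain does not.
    claims_brand = any(name in display.lower() for name in BRAND_NAMES)
    if claims_brand and not _in_domains(real_domain, BRAND_DOMAINS):
        flags.append(
            f"brand name in display text but {real_domain} is not a bank domain")
    return flags


# Constructed sample headers modelled on the addresses quoted in the article.
SPOOFED = '"Commonwealth Bank customerassist@cba.com.au" <whulk@whulk.com>'
LEGIT = '"Commonwealth Bank" <customerassist@cba.com.au>'

if __name__ == "__main__":
    for header in (SPOOFED, LEGIT):
        print(header, "->", check_from_header(header) or "no flags")
```

This only catches deception in the display text; a From address that is itself forged still needs SPF, DKIM and DMARC evaluation at the mail gateway.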
The email itself reads: “We are unable to Confirm (sic) your account information.
“As a result, your account has been temporarily locked.
“All the services related to your account has (sic) been suspended pending resolution. Please provide your details as soon as possible”.
If the scam victim clicked on the “confirm my account” hyperlink they would then be taken to a screen prompting them to provide their Netbank credentials, including their client number and password to cyber criminals.
The next page then requests more personal details, including your full name, date of birth, email address and phone number.
It gets worse. The third landing page takes you to another set of prompts where you provide your credit card details including the expiry date, CVC and the card PIN.
“Of course, the login page is a scam,” MailGuard said.
MailGuard pointed out that in a further bid to “feign authenticity”, the online criminal sends a ‘One Time Password’ or OTP code to customers’ mobile phones pretending that they are confirming the number provided.
“Although those behind the scam have gone to great lengths to imitate CBA’s Netbank email communications and login pages, upon closer inspection, grammatical errors present in the body of the email, as well as the domain address, which is not an official Commonwealth Bank hosted website, are all red flags,” MailGuard concluded.
Similar scams occurred in August and September for CBA customers where a scammer impersonated the bank.
MailGuard said given that the CBA services 15.9 million customers, it is an “attractive target” for online criminals.
Users are urged not to click on any links and delete the email immediately.
A report could also be made to ScamWatch.