One Way the Commonwealth Bank Can Protect Itself from a Major Phishing Scam


Auraya Blog

One Way the Commonwealth Bank Can Protect Itself from a Major Phishing Scam

Angelo Gajo | December 5, 2019 | 5 minutes


The Commonwealth Bank is an Australian multinational bank offering personal and business banking services and solutions to its customers. On November 29, a phishing email posing as Commonwealth Bank was detected by MailGuard. The phishing email requests the recipients to verify their transaction details and activity through a hyperlink. Upon clicking the hyperlink, the recipients are directed to a fake login webpage under the fake domain Commbonk where customers are asked to log in using their client number and password. Once entered, the customer’s details are then harvested by the cybercriminals. The appearance of the fake login webpage is very similar to the original Commonwealth Bank webpage, with the only difference being the URL. With webpage designs being easily copied and replicated, this method of phishing for customer data is easy to attempt for fraudsters and hard to detect by legitimate customers.


The Similarities Between CommBonk and CommBank’s Login portals (Source: MailGuard)

Companies like Commonwealth Bank can improve their digital security posture and deter phishing attempts by replacing traditional security methods such as PINs and passwords with Auraya’s voice biometric technology. Not only will this improve security for banks’ online services, but it will also provide a delightful and seamless customer experience. With voice biometrics, customers will be required to click on a microphone icon to activate their device’s microphone and speak a random series of digits that are displayed on the screen to verify their identity.

With voice biometrics, customers no longer need to remember passwords or secret answers or reveal their sensitive information such as date of births, addresses and other personally identifiable information to verify their identity whether it is on a browser webpage, digital app, or to an actual agent in a call centre.

Voice biometrics login make phishing for your password and PIN’s worthless. Fraudsters could try to capture a recording of you saying your ‘one-time voice code’ however this won’t help as every login requires a different random digit which is easy for the legitimate customer to say and impossible for the fraudster.

What sets apart Auraya’s voice biometrics technology from PINs and passwords is that voice biometrics cannot be mimicked, recorded or synthesized. Through Auraya’s patented features, Auraya’s ArmorVox voice biometric engine can detect and flag fraud attempts made with recorded, mimicked or synthesized voices. Random challenges render pre-recorded voices useless. This means that customers who are fooled by phishing emails and fake login portals would still be safe and secured from fraudulent attempts made against their accounts.




Secure Password Resets with Voice

17 June 2020



Protect Against Identity Theft with

27 May 2020



Biometrics Solutions and Concepts for

20 May 2020


sign up to our mailing list