ZDNet reports:
The Commonwealth Bank of Australia has revealed that some customers have been tricked into revealing their online banking client numbers and passwords after receiving a spam mail claiming to be from the bank. The message has the subject "Netbank Security Server Update" and asks recipients to reactivate their Netbank accounts. The HTML message grabs a genuine Commonwealth Bank graphic, but the hyperlink that purports to take the reader to the NetBank site actually points to a server identified only by an IP address.