Beware Phishers Exploiting Banking Chaos

The various takeovers and mergers in the financial fallout give phishers a new opportunity to try to scam you into handing over your bank account information, warns the FTC. As most of you know, any unexpected email message that looks like it came from a financial institution and asks you to “update,” “validate,” or “confirm” your account information is invariably a scam. Unwitting victims are redirected to a login site that looks like it’s for their bank but is really just a way to steal their account logins and/or personal information for use in further identity theft. Here are the FTC’s tips to avoid getting “hooked” by the “phishers” (gotta love it when the Feds pun)…

* Don’t reply to an email or pop-up message that asks for personal or financial information, and don’t click on links in the message – even if it appears to be from your bank. Don’t cut and paste a link from the message into your Web browser, either. Phishers can make links look like they go one place, but actually redirect you to another.

* Some scammers call with a recorded message, or send an email that appears to be from an institution, and ask you to call a phone number to update your account. Because they use Voice over Internet Protocol technology, the area code you call does not reflect where the scammers are. To reach an institution you do business with, call the number on your financial statements.

* Use anti-virus and anti-spyware software, as well as a firewall, and update them regularly.

* Don’t email personal or financial information. Email is not a secure way to send sensitive information.

* Review your financial account statements as soon as you receive them to check for unauthorized charges.

* Be cautious about opening any attachment or downloading any files from emails you receive, regardless of who sent them. These files can contain viruses or other software that can weaken your computer’s security.

* Forward phishing emails to spam@uce.gov – and to the institution or company impersonated in the phishing email. You also may report phishing email to reportphishing@antiphishing.org. The Anti-Phishing Working Group, a consortium of ISPs, security vendors, financial institutions and law enforcement agencies, uses these reports to fight phishing.

* If you’ve been scammed, visit the Federal Trade Commission’s Identity Theft website at ftc.gov/idtheft for important information on next steps to take.

Bank Failures, Mergers and Takeovers: A “Phish-erman’s Special” [FTC]

Comments

  1. mercnet says:

    If you fall for this scam, you deserve to have your money stolen…

    • kingmanic says:

      @mercnet: Not too clear-cut. Could you tell a spoofed DNS? If someone was able to hijack your ISP’s or heaven forbid one of the main DNS servers then http://www.yourbank.com could very well be a phishing site instead. Not everyone is tech savvy. New users to the internet wouldn’t be aware that email is significantly different than snailmail. They’d assume that there must be some authority making sure emails are private and legit. You can spoof soandso@yourbank.com and many don’t know that.

      Ideally we’d all be well informed but blaming the victim helps no one. It’s one of the reasons some scams work. The shame of being scammed keeps people from speaking to the authorities.

      • nicemarmot617 says:

        @kingmanic: Oh give me a break, how often has that actually happened? Mostly they just mask the URL so an inexperienced user won’t see where it really goes.

        We live in the age of the internet now. People need to learn to be skeptical of things that seem sketchy. It’s just a part of life now and if you don’t learn, you’re going to continue to get scammed. If you get an email from a company you don’t do business with, or a company who doesn’t ordinarily email you, you have to be suspicious. That’s reality in 2008.

        • kingmanic says:

          @nicemarmot617: The internet authority in Pakistan messed up the worldwide DNS for YouTube for a few hours. If you can gain control of someone’s router (easy as most people leave them at factory settings) you can create your own custom DNS. This would require some war driving.

          [www.popularmechanics.com] (DNS is inherently security flawed.)

          How often does it happen? Hard to say. But it’s not impossible and not unreasonable to think someone will exploit such flaws.

      • blackmage439 says:

        @kingmanic: Agreed. These scams are becoming so sophisticated today that distinguishing legitimate messages from scams is becoming difficult even for the keen-eyed consumer. It’s all about social engineering with a little mix of technical know-how. It’s not that difficult to create a look-alike email and couple it with a fake email address. Besides, say if you’re about to be foreclosed on. You receive an email titled “Your property @ [address] is under foreclosure.” I seriously doubt that 90% of people in the same situation will think first, “Yeah, right! FAKE.” No, they’ll already be panicking.

        So, I’m with kingmanic. Don’t blame the victim. These spammers and phishing SOBs are way too skilled for their own good in this day and age, and I only see the problem getting worse.

        • TracyHamandEggs says:

          @blackmage439: I have an application for a loan pending with “mybank”. I got an email the other day from Customerservice@mybank.com. Didn’t ask for any information, told me I had a message waiting for me when I logged in (just like mybank does).

          Almost fell for it and clicked the completely legit looking link. Thankfully I am experienced enough to go ahead and go to my bookmarked page instead, but I have to think that a decent number of customers would believe it if they are doing business currently with that bank.

    • @mercnet: Sorry guy… not everyone in the world is as computer savvy as we are here…

    • @mercnet: Yeah for blaming the victim you FAIL.

      Just because someone is gullible, trusting, stupid, senile, or any other number of mental conditions that could make them fall for a scam does not mean they deserve to have their money taken.

    • lannister80 says:

      @mercnet: You, my friend, deserve to be disemvoweled.

  2. Anything associated with Cat In The Hat, and by association, Dr. Seuss, now makes me think of a dirty pedophile trying to have his way with children. I should never have seen that movie…

  3. catskyfire says:

    Good timing. I received an excellent e-mail from “my bank” yesterday. Fortunately, I am phishing wise, and checked the specifics of the link. It looked good, though. Very believable. I do prefer it, though, when they send me these notices for banks I don’t work with…much easier to discard directly then.

  4. bluebuilder says:

    Revenue Canada (IRS for Canada) has recently put out a warning regarding something just like this: [www.cra-arc.gc.ca]

  5. ShyamalHope says:

    My top tip is ALWAYS log into any financial site with the wrong password on the first try. Even if you think you’re at the right site, log in with a dummy password. If it accepts it, you know you’re in the wrong place.

  6. graceless says:

    If you are being targeted by any scam team, it is better to over-react than it is to under-react. Go big, tell everybody you know, get the word out, even if the police won’t help you, try to report it anyway.

    In times of tight money, scam teams get more aggressive, protect yourself.

  7. Blitzgal says:

    The newest spam messages I’ve been getting the past few days are pretty hilarious. They claim to be from “your credit card company,” they begin with odd salutations such as “hullo,” and they end with even more bizarre sign-offs, like “please remember me to your parents.” They claim that there are some fraudulent charges on my card and I’m asked to open an attached Word document to peruse my recent statements. Just very badly put together.

  8. Received a very nice, well written, completely plausible scam email today. Darn I wish I actually saved the sucker.

    In the email, it was stated that the Bank had been sold in the past few days, (small bank and yes it was) and in the consolidation of accounts between the two banks (old bank and buying bank) there could have been some mistakes {yada, yada, yada}, please review your account and confirm there were no errors in the account.

    Yes there was the proverbial click here button, but there was even more…. a notice that the receiver of the email could visit the branch if the receiver did not want to perform the transaction over the ‘net, or could call your local branch and confirm the information (NO telephone number given).

    (how nice, appealing to the sense of security)

    Only one little problem. I don’t have a farking account at either bank.

    Bottom line, some of the spammers are getting more responsive to the concerns of their readers and are becoming more creative in their efforts.

    Think how many little old men and women might actually fall for a well written scam email that gives them options on how to be scammed.

  9. glennski says:

    What’s really crazy is some of the latest credit card protection for online transactions looks like a spoof website.

    Don’t know if anyone has dealt with the Verified by Visa, or Mastercard Secure program. Looks so fishy that I thought I was scammed for sure. Page is hosted at Securesuites.net or something scammy sounding like that, and the SSL cert is verified by Cyoka Inc., a company I had never even heard of, and had no way of knowing it was employed as a third party by Visa to do these verifications.