|
Publication Date: Friday, August 20, 2004 Bogus e-mails target bank accounts
Bogus e-mails target bank accounts
(August 20, 2004) 'Phishing' catches folks hook, line and sinker
by Teresa C. Brown
Some crooks are "phishing," hoping innocent U.S. Bank customers will bite the cyber-bait.
Using an e-mail scam known as "phishing," high-tech con artists have sent out e-mails en masse to bank customers and non-customers alike, instructing the unsuspecting people to update account information online.
The e-mails are bogus, said Amy Frantti, U.S. Bancorp's media relations assistant vice president at the company's headquarters in Minneapolis.
"U.S. Bank wouldn't send out e-mails to ask for personal information," she said. "We already have it."
The scam e-mail message attempts to catch patrons off guard by goading recipients into taking immediate action online with threats that the accounts will be deleted if the update is not completed, or by stating that crooks may have already tampered with customer accounts.
The bogus e-mail includes a hyperlink that appears to be legitimate and directs customers to a Web site that also appears to be authentic.
According to the Anti-Phishing Working Group (APWG), an association with members in the financial and retail industry, the imitation Web site is a sham used to trick unsuspecting customers into divulging private account information, including personal identification (PINs) and Social Security numbers.
"Many banks are hit by this," Frantti said, adding that even retail outlets are targeted by phishers.
APWG listed U.S. Bank as the third most targeted company in June whose name and logo were mimicked, behind Citibank and eBay.
Other companies rounding out the top 15 were Paypal, Fleet, Lloyds, Barclays, AOL, Westpac, First USA, VISA, Earthlink, e-gold, Bank One and Bendigo.
APWG noted this latest U.S. Bank phishing attack on its Web site Monday and posted one variation of the generic phishing e-mail distributed by the crooks along with evidence of its forgery.
According to APWG, while most of the counterfeit Web pages appear authentic, the login page should raise eyebrows, particularly the excessive private information required to login, including credit card number, expiration date, Social Security number and ATM PIN.
Once the data is entered, the APWG warned, the fake Web site redirects the unsuspecting customer to the genuine U.S. Bank Web site.
The number of phishing attacks is on the rise. APWG, which also tracks phishing occurrences, cited that attacks grew at an average rate of 52 percent per month since December 2003 to 1,422 unique attacks occurring in June. In December, there were 116 attacks.
Moreover, the attacks prove to be successful. The organization also reported that up to 5 percent of recipients are duped by the phishing scam and become victims of identity theft and credit card fraud.
If an U.S. Bank customer finds he or she is a victim of the scam, Frantti advised, "Call the customer service line and ask for the fraud liaison center." The center will help the customer step by step through the process. "It's a one-stop shop," Frantti said.
If the victim is not a U.S. Bank customer, Frantt said that person should contact his or her financial institution immediately to help prevent identity theft and loss.
Fight 'phishers'
The Federal Trade Commission offered a few safety recommendations to avoid becoming a phishing victim:
¥ Legitimate organizations do not solicit personal information through e-mail. If you receive a suspicious e-mail, do not click on hyperlinks attached, call telephone numbers listed, reply or copy/cut and paste links from the e-mail. If you want to contact the organization to confirm the e-mail's veracity, call the company using a telephone number you know is valid.
¥ Do not use e-mail to transmit personal or financial information. E-mail is not a secure means of communication.
¥ Use anti-virus software and consider using a firewall to protect your computer and your activities online. Some high-tech scam artists send phishing e-mails that sneak programs onto your computer to spy on your Internet activity.
¥ Use discretion opening files and attachments in e-mails, even if you know the sender.
¥ Regularly review financial statements for unauthorized activity.
¥ If you get a phishing e-mail, forward it to the Federal Trade Commission Bureau of Consumer Protection at spam@uce.gov. Also contact the fraud or security department of the organization being imitated. If you believe you are a phishing victim, file a complaint with the FTC at www.ftc.gov or call (877) 382-4357.
E-mail a friend a link to this story. | 
