New Bank "Phishing" Scam

July 15, 2008 at 10:10 pm | Posted in Uncategorized | Leave a Comment

I just received this bank scam, and I have to admit, I did a doubletake. Unlike the normal ham-handed emails, they take the time to use really official looking labels and web addresses.

Keys to cracking the scam are simple – first, check to see if the email was sent to the email you have on file with your bank. In my case, that was the first tell-tale sign.

Second, look carefully at the email address the “notification” was sent to – if it is not precisely the same as the address you get your usual notifications from, it probably isn’t. In my case the URL was identical except that they added the number 7 at the end of the normal bank domain name.

Third, always mouse over (without CLICKING!) any addresses given. Even if the text of the link looks right, the actual URL behind that text can be completely different. In my case, the address was just an IP (numerical), so it was a dead giveaway.

Fourth, and this was a new one for me – my bank is a US bank, but the word Center in Service Center was spelled Centre. So clearly this was a student of British English…not an automated system developed with US markets in mind.

Be forewarned – the best policy in these cases is to call your bank to double – check, and just delete the email. This scam clearly builds on the weaknesses of past scams I’ve blogged about in a few important ways:
- It looks much more official and is clearly modeled after a REAL communication my bank sends out
- The issue they cite is much more believable – a fraudulent or just suspicious ATM purchase
- They’ve taken greater pains to mask their URLs under authentic URLs

In this day and age of lost corporate backups, you should be suspicious and guard your information carefully – even if it IS your bank asking for the info.

***************** TITLE: ID#XXXX Important Information Regarding Your Account

Dear [email],
We recently reviewed your account, and we suspect an unauthorized ATM based transaction. Therefore as a preventive measure we will temporary limit your access to sensitive [Bank Name] features. To ensure that your account is not compromised, please login to your Online Banking and verify your identity to prevent deactivation.

SERVICE: [Bank Name] Online Banking.

What you need to do:
- Go to: [Bank Name] Online Banking
https://[normal bank url]/cgi-bin/[bank abbrev]/portal/l/l.do

- Login to Online Banking.

Thanks for your patience.
Sincerely,
[Bank Name] Centre
****************************************************************************
For any inquiries, contact Customer Service.
****************************************************************************


Leave a Comment »

RSS feed for comments on this post. TrackBack URI

Leave a comment

XHTML: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <pre> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

Blog at WordPress.com. | Theme: Pool by Borja Fernandez.
Entries and comments feeds.