December 16, 2011 - If you are like me, you don't do your banking online. Frankly, I'd very much like to have that convenience, but the risks are just too high, and current law favors banks over consumers when it comes to online bank fraud. So I continue to drive to my local branch, make my deposits and do pretty much anything I need to do with regard to banking. But even I have to admit that I have made certain inquiries using my bank's website. Nothing that requires an account number, mind you, but looking up product information and branch hours. So I wasn't surprised to see a bank notice come in by e-mail informing me of FDIC policy changes. But a glance at the message told me that it was a scam.
I've actually received two e-mail messages in the past two days announcing an FDIC policy change in the subject line of the message. Originally, I thought the messages were being sent out by my bank. As soon as I opened the message though, I knew it was a scam. Unfortunately, my concern is that it may not be quite so apparent to everyone else. So, if you get such a notice, here is what to look for.
First, my name didn't appear anywhere in the body of the message. Since my bank does know who I am, I thought it was odd that I'd receive something from them addressed to "Dear Sir".
Another clue came from the fact that multiple e-mail addresses appeared in the "To" area of the address line. Commercial organizations don't do this. In fact, addressing a message in this way would violate the bank's privacy policies.
In the body of the message was a link to a website whose address didn't contain the name of my bank or the FDIC. I'm fairly certain that if I had clicked on the link, my computer would have been in trouble. The link would likely have installed a virus, Trojan horse or other malware on my computer.
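The three clues above (a generic greeting, several customers' addresses in the "To" line, and a link pointing somewhere other than the bank or the FDIC) are easy to turn into automated checks. The script below is an added example, not code from this post; it parses a raw e-mail with Python's standard library and reports which clues fire. Both sample messages are constructed, and the TRUSTED_DOMAINS list is a placeholder assumption that you would replace with your own bank's real domain.

```python
"""Detection checks for the three phishing clues described in the post.

Added example, not code from the original post. The two messages below are
constructed, and TRUSTED_DOMAINS is an assumed placeholder list.
"""
from __future__ import annotations

import re
from email import policy
from email.parser import BytesParser
from urllib.parse import urlparse

# Assumption: the domains your own bank and the FDIC actually use. These are
# placeholders; substitute the real ones for your institution.
TRUSTED_DOMAINS = frozenset({"examplebank.test", "fdic.gov"})

# Salutations that a bank, which knows your name, would not normally use.
GENERIC_GREETINGS = ("dear sir", "dear madam", "dear customer",
                     "dear valued customer", "dear account holder")

URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)


def registrable_domain(host: str) -> str:
    """Last two DNS labels; a crude stand-in for a public-suffix lookup."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def check_message(raw: bytes, trusted=TRUSTED_DOMAINS) -> list[tuple[str, str]]:
    """Return (clue, detail) pairs for each indicator that fires."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    findings = []

    # Clue 1: a generic salutation instead of the customer's name.
    body = msg.get_body(preferencelist=("plain", "html"))
    text = body.get_content() if body is not None else ""
    first_line = next((ln.strip() for ln in text.splitlines() if ln.strip()), "")
    if first_line.lower().rstrip(",:.") in GENERIC_GREETINGS:
        findings.append(("generic-greeting", first_line))

    # Clue 2: several customers' addresses exposed in the To header.
    to_header = msg["To"]
    recipients = to_header.addresses if to_header is not None else ()
    if len(recipients) > 1:
        findings.append(("multiple-recipients", f"{len(recipients)} addresses in To"))

    # Clue 3: a link whose domain is neither the bank's nor the FDIC's.
    for url in URL_RE.findall(text):
        host = urlparse(url).hostname or ""
        if registrable_domain(host) not in trusted:
            findings.append(("untrusted-link", url))

    return findings


# Constructed sample: the kind of message the post describes.
SAMPLE_PHISH = b"""From: "Customer Service" <notices@mail.example.org>
To: alice@example.com, bob@example.com, carol@example.com
Subject: FDIC Policy Change Notification
Content-Type: text/plain; charset=utf-8

Dear Sir,

The FDIC has updated its insurance policy. Please review the changes at
http://fdic-policy-update.example.net/review and confirm your account.
"""

# Constructed sample: a notice that passes the same checks.
SAMPLE_LEGIT = b"""From: "Example Bank" <alerts@examplebank.test>
To: alice@example.com
Subject: FDIC Policy Change Notification
Content-Type: text/plain; charset=utf-8

Dear Alice Example,

Details of the change are posted at https://www.examplebank.test/notices/fdic
and on the FDIC site at https://www.fdic.gov/ itself.
"""

if __name__ == "__main__":
    for label, sample in (("phish", SAMPLE_PHISH), ("legit", SAMPLE_LEGIT)):
        print(label, check_message(sample) or "no indicators")
```

The checks are deliberately simple and will produce false positives (a real bank might send a generic newsletter) and false negatives (a later, more polished version of the same campaign could personalize the greeting and link to the real FDIC site alongside its own). They are a first screen, not a verdict; the advice later in the post, to go to the bank's site yourself or call, still applies whatever the script says.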
In all, this particular phishing attack wasn't very sophisticated. The problem is that we saw a similar phishing attack earlier this month. Within a week of the time that attack started, it went from being unsophisticated and using a generic look to very sophisticated, using bank letterhead and including legitimate links to the bank and to government regulatory sites. Since there is no barrier to entry on this type of attack (a high school student with a $200 computer could actually run something like this without any difficulty), we expect that this version will get more sophisticated quickly.
If you do receive announcements through e-mail from your bank, don't respond to them. If the message is something of interest to you, don't click on the links within the message. Either navigate to your bank's website manually and then search the site for what you are looking for, or pick up the phone and call your bank and ask about the message you received. You simply can't be too cautious. Falling for a phishing attack like this could result in your bank account being drained, your computer being hijacked and your identity being stolen.