The schemes have been around for half a dozen years, in various flavors. Their targets, as always, are unwary consumers. They masquerade as some of our historically reliable financial institutions — banks.
They operate in the manner of most online phishing scams: an e-mail arrives, addressed to no one in particular, attempting to elicit personally identifiable information, or PII. The senders use the name of a bank as their cover.
The message usually suggests that some sort of irregularity has compromised the recipient’s account information. The e-mail asks the recipient to verify his or her account number and PIN, plus address and phone number (so the sender can keep the spam coming).
It’s bad news from the outset. The good news is that the would-be phishers usually give themselves away.
They blast thousands of messages to e-mail addresses that may or may not belong to people with accounts at the named bank. The writers use salutations such as, “Dear customer,” thinking we won’t notice they have our e-mail addresses but don’t know our names.
They fill their messages with names of executives that the real banks have never heard of. They use the same, tired script their fellow criminals have been hacking out for years, full of the same errors in spelling and grammar that make us squirm.
And they seem to be successful often enough that they keep sending the things by the thousands, every day.
A typical come-on: Take two minutes, fill out our little survey and we’ll credit your account with $50 just for your trouble. Just tell us your account information, and we’ll do the rest (will they ever!).
Another scheme goes like this: Your account may have been accessed “by an unauthorized computer.” The bank needs your PII to straighten things out. Or, to prevent such fraud, the bank needs to verify your PII and asks you to “Click here” to start that process.
Don’t EVER “click here,” unless you want to guarantee that your information will be redirected to a fraudulent site and used to drain your accounts. A click also could allow the sender to download a Trojan horse, malware that could damage your computer.
Skowhegan Savings Bank was among the most recent targets, and the bank acted quickly to put its customers on their guard. Alerted by a customer, the bank sent e-mail and snail mail to all of its customers, telling them the fake message was the work of con artists.
Bank officials hired computer experts, who located and shut down the fraudulent site within two hours of its discovery.
“We are not aware of anyone who actually gave out their information,” says John Witherspoon, president and chief executive officer of Skowhegan Savings.
Witherspoon credits public education and his customers’ vigilance with the failure of crooks to swindle anyone. He is urging officials at other banks to take similar steps when they uncover phishing attempts.
Banks and other legitimate parties will never ask for PII by e-mail or phone. If you receive such e-mails, disregard them and be sure not to click on any links or pop-ups. If you believe you have entered your information in error, call your bank’s security office immediately.
Consumer Forum is a collaboration, now in its 30th year, of the Bangor Daily News and Northeast CONTACT, Maine’s membership-funded nonprofit consumer organization. Individual and business memberships are available at modest rates. Interested and motivated prospective volunteers are always needed and welcome to apply to help with our mission. For assistance with consumer-related issues, including consumer fraud and identity theft, or for more information, write: Consumer Forum, P.O. Box 486, Brewer 04412, or e-mail firstname.lastname@example.org.