It could be delivered as an e-mail message or in a phone call: the warning, allegedly from the Federal Deposit Insurance Corp., that your bank has been identified as one that has failed.
All it is in reality is an attempt to empty your bank account.
The phony e-mail or phone call urges you to “Check your Bank Deposit Insurance Coverage.” The caller might ask for your account number and other personal data. In the e-mail, you are told to click on a link, which takes you to one of dozens of Web sites that appear similar to fdic.gov, the real FDIC site.
They are not the real thing; instead, the sites offer what purport to be “your personal FDIC insurance file.” They look like word documents or PDF files, but the unsuspecting person who clicks on them is in for some rough going.
The files are, in fact, executable programs (with the suffix .exe). Clicking on them allows the programs to run; in these cases, they run roughshod over the personal financial information stored on your computer.
According to one security firm, the programs download a copy of what’s called a “Trojan horse” onto the computer. The malicious program can do double duty. Not only does it allow thieves to gain illegal access to victims’ bank accounts; it can also subject them to identity theft. And it can turn their computer into what’s called a “bot,” which will send the spam to other computers.
Last Wednesday the state Bureau of Financial Institutions joined the FDIC in urging consumers to be extra vigilant. Bureau Superintendent Lloyd LaFountain III said his office has learned that customers of at least three Maine financial institutions have been targeted recently. Some noncustomers have received the phony e-mails as well.
“This activity can catch any of us off-guard and before we know it, personal information has been shared,” LaFountain said. He reminded consumers that banks and credit unions virtually never send out mass e-mailings requesting financial or personal information.
LaFountain urges consumers to confirm the authenticity of all unsolicited messages from their financial institution. The bureau also recommends that consumers:
• Never provide personal information, including financial account details and Social Security numbers, to any unknown person.
• Use great caution before providing personal information that could be used to access financial accounts through e-mail or the Internet.
• Never provide account information over the phone when contacted unexpectedly by someone claiming to be from a bank or credit union; follow up with the institution by phone or in person.
• Safeguard passwords, PINs and other account-accessing details or codes; never write that information on credit or debit cards or carry it in a wallet or purse.
• Contact the bureau to report potential fraud; to obtain more details about financial privacy (www.maine.gov/pfr/privacy_links.htm); or to access the agency’s Consumer Protection Library (www.maine.gov/pfr/financialinstitutions/consumer/library.htm).
Individual banks often make good their depositors’ losses through such scams, provided the customers report the scams within 10 days. Businesses, on the other hand, are not so lucky. We’ll look at businesses as cyber fraud targets in next week’s column.
Consumer Forum is a collaboration of the Bangor Daily News and Northeast CONTACT, Maine’s membership-funded, nonprofit consumer organization. Individual and business memberships are available at modest rates.
For assistance with consumer-related issues, including consumer fraud and identity theft, or for more information, write: Consumer Forum, P.O. Box 486, Brewer 04412, or e-mail firstname.lastname@example.org.