Bank Fraud warning.

[Steff]

Just passing this along..

 

NOTICE

 

 

Recently people have been receiving numerous e mails both advising them that their account at a bank (Washington Mutual where they do not have an account, and Regions Banks where they do have an account), has been compromised. To correct this I’m supposed to click on a link in order to verify my account information. These are “phi shying” messages meaning these are looking for a response in order to get into our computers. If you receive one of these do not respond. They look legitimate, but are not. If you have a concern about one of your accounts, call your institution to verify the information, do not respond to these email. Thanks!

 

__________________________________________________

__________________________________________________

____

 

Notice additional information

 

__________________________________________________

______________________

 

FDIC sends new alert on phish e-mails

 

Feb. 3, 2005—Someone is sending consumers e-mails fraudulently claiming to be sent by FDIC and, as in previously reported phish scams, directing consumers to provide sensitive information via a fraudulent Web site that is made to look like FDIC’s.

 

This particular e-mail message asks the consumer to confirm an online payment for products purchased. It directs the consumer to the fraudulent Web site, where he or she is then directed to provide sensitive financial and personal information such as bank or credit-card account numbers.

 

FDIC, in a special alert (SA-11-2005) sent to banks, warns that this e-mail may also contain a computer virus—another reason to warn consumers not to click on that link.

 

The agency has a Web site where consumers can read more about this and other types of fraudulent activity and get tips for protecting their personal information from such scams.

[Queen Prawn]

I received that several times and delete it without opening it. Okay, I opened it the first time and sent it to MSN abuse - not that MSN actually does anything about it.

[Mr. Showtime]

Finally my bank account being empty works to my advantage....

[Steff]

I received that several times and delete it without opening it.  Okay, I opened it the first time and sent it to MSN abuse - not that MSN actually does anything about it.

 

 

I've never gotten anything like this, and we do nearly all of our banking online. Where do they get the emails from..?

[Queen Prawn]

I've never gotten anything like this, and we do nearly all of our banking online. Where do they get the emails from..?

 

It's kinda funny that Brian and I get these (Brian has gotten them as well) as we do almost none of our banking online and have never banked with Washington Mutual.

[Queen Prawn]

FYI - I just received one from "Smith Barney" in my work email as well (had a virus that was caught by Postini a service the company I work for uses).

[Controlled Chaos]

Phishing is becoming very popular and a lot more advanced. It used to be that you could spot a bogus link, but not anymore. Just be wary of any email from a bank. Don't follow the links in the email. Go to your account separtely and log in. Here's an article I gave to the employees here. It just gives you a little insight.

 

 

Internet "phishing" scams are becoming more difficult to detect as criminals develop new ways to trick consumers into revealing passwords, bank account numbers and other sensitive information, security experts say.

Scam artists posed as banks and other legitimate businesses in thousands of phishing attacks last year, sending out millions of "spam" e-mails with subject lines like "account update needed" that pointed to fraudulent Web sites.

These attacks now increasingly use worms and spyware to divert consumers to fraudulent sites without their knowledge, experts say.

"If you think of phishers initially as petty thieves, now they're more like an organized crime unit," said Paris Trudeau, senior product manager for Internet-security firm SurfControl.

Phishing attacks have reached 57 million U.S. adults and compromised at least 122 well-known brands so far, according to several estimates.

At the end of 2004 nearly half of these attacks contained some sort of spyware or other malicious code, Trudeau said.

One attack, first documented last month by the Danish security firm Secunia, misdirects Web surfers by modifying a little-known directory in Microsoft Windows machines called a host file. When an Internet user types a Web address into a browser, he is directed instead to a fraudulent site.

This technique has shown up in attacks spoofing several South American banks, said Scott Chasin, chief technical officer of the security firm MX Logic.

The convergence of all of these threats means "we can expect to see some large attacks in the near term," he said.

Another more ambitious attack targets the domain-name servers that serve as virtual telephone books, matching domain names with numerical addresses given to each computer on the Internet.

IDENTITY THIEVES

If one of those computers is compromised, Internet users who type in "www.bankofamerica.com" could be directed to a look-alike site run by identity thieves.

Domain-name servers are tougher to crack, as they are typically run by businesses rather than home users, but hackers can find a way in by posing as a company's tech-support department and asking new employees for their passwords, Trudeau said.

Domain-name hijacking is suspected in incidents involving Google.com, Amazon.com, eBay Germany and HSBC Bank of Brazil, Chasin said.

Even straightforward phishing attacks are getting more sophisticated. Spelling errors and mangled Web addresses made early scams easy to spot, but scam artists now commonly include legitimate-looking links within their Web addresses, said Kate Trower, associate product manager of protection software for EarthLink Inc.

Consumers who click on links like www.citibank.com in these messages are directed to a fraudulent Web address buried in the message's technical code, she said.

MasterCard International has caught at least 10 phishing scams involving www.mastercard.com over the past two months, said Sergio Pinon, senior vice president of security and risk services.

 

Consumers can protect themselves with software that screens out viruses, spyware and spam. But online businesses will have to take steps as well, perhaps by issuing customers a physical token containing a changing password, Chasin said.

Internet engineers should also figure out a way to authenticate Web addresses, much as they are currently figuring out how to make sure e-mail addresses are legitimate, he said.