I had an interesting email this week. It was from my bank. It had the appropriate bank logos and looked like am email that they would send. It indicated that there was a problem with my debit card and that I should fill out the attached form and return it to them. Interestingly I did have an issue with a debt card at the gas pump – I thought the problem was solved. I clicked on the link to the form. It wanted my name, address, checking account number, phone, email address, and debt card number.
The form stopped me in my tracks. Why would they ask for information that they already had? I called my bank’s fraud department. First, they indicated that they would never ask for information via email that they had stored for my account. They also asked me to forward the email to them so they could investigate.
Of course, I couldn’t leave all the investigating to them. I discovered some great information on Phishing from the U.S. Computer Emergency Readiness Team (US-CERT) and want to share it with you.
Phishing emails are crafted to look as if they’ve been sent from a legitimate organization. These emails attempt to fool you into visiting a bogus web site to either download malware (viruses and other software intended to compromise your computer) or reveal sensitive personal information. The perpetrators of phishing scams carefully craft the bogus web site to look like the real thing.
For instance, an email can be crafted to look like it is from a major bank. It might have an alarming subject line, such as “Problem with Your Account.” The body of the message will claim there is a problem with your bank account and that, in order to validate your account, you must click a link included in the email and complete an online form. (This part really sounds familiar to me.)
The email is sent as spam to tens of thousands of recipients. Some, perhaps many, recipients are customers of the institution. Believing the email to be real, some of these recipients will click the link in the email without noticing that it takes them to a web address that only resembles the address of the real institution. If the email is sent and viewed as HTML, the visible link may be the URL of the institution, but the actual link information coded in the HTML will take the user to the bogus site. For example:
- visible link: http://www.yourbank.com/accounts/
- actual link to bogus site: http://itcare.co.kr/data/yourbank/index.html
The bogus site will look astonishingly like the real thing, and will present an online form asking for information like your account number, your address, your online banking username and password—all the information an attacker needs to steal your identity and raid your bank account.
Be a Skeptic
I’m glad that I was suspicious and hope that you will use this information to raise your awareness and avoid the Phishing trap.
Bogus communications purporting to be from banks, credit card companies, and other financial institutions have been widely employed in phishing scams, as have emails from online auction and retail services. Carefully examine any email from your banks and other financial institutions. Most have instituted policies against asking for personal or account information in emails, so you should regard any email making such a request with extreme skepticism.
The Anti-Phishing Working Group maintains a helpful phishing archive. The archive catalogues reported phishing scams and presents not only the content of the phishing email, but also screen captures of the bogus web sites and URLs used in the scams. A review of several of the phishing scams catalogued in the archive can provide you insight into how these scams work and arm you with the information you need to avoid falling for them.
Dean and Draper
We’re here to support you and help you find the right insurance for your needs. Please contact us with your questions.
Dean& Draper is a Trusted Choice insurance agency representing over 200 insurance companies. For over 35 years we have offered a trusted freedom of choice to our clients. ContactUs.
The recommendation(s), advice and contents of this material are provided for informational purposes only and do not purport to address every possible legal obligation, hazard, code violation, loss potential or exception to good practice. Dean & Draper Insurance Agency specifically disclaims any warranty or representation that acceptance of any recommendations or advice contained herein will make any premises, property or operation safe or in compliance with any law or regulation. Under no circumstances should this material or your acceptance of any recommendations or advice contained herein be construed as establishing the existence or availability of any insurance coverage with Dean & Draper Insurance Agency. By providing this information to you, Dean & Draper Insurance Agency does not assume (and specifically disclaims) any duty, undertaking or responsibility to you. The decision to accept or implement any recommendation(s) or advice contained in this material must be made by you.
©2017 Dean & Draper Insurance Agency All Rights Reserved.
Almost Phished – Close Call from a Scammer syndicated post