Gullible Eastern Idaho Bank Customers Trapped in a Phishing Scam
Thousands of Idahoans have received e-mails informing them about their frozen bank accounts and asking for personal information. According to the Better Business Bureau, this phishing scam has victimized around 100 users from Eastern Idaho.
On December 17, 2009, officials from Citizens Community Bank discovered that the users were directed to a forged website, which appeared similar to the bank's legitimate website. The spurious site asked the unwary patrons to provide their debit card number, expiration date, and personal identification number to verify information.
Phishers then used this information to create forged debit cards to withdraw cash from ATMs. Romania and California were among the places from where the money has been withdrawn.
If a customer clicks the link provided in this fake website, software will be loaded on his/her system. It will then scan the victim's computer to procure bank account number, sensitive information and password, and give these details to the con artist.
It is to be noted that even the text messages are used to carry out this scam along with the e-mails, and the mode of operation is same in both the cases.
The amount of stolen money is unclear; however, the biggest loss reported was $400. According to Mary Miller, Citizens' security officer, most of the customers who submitted their details did not suffer any loss as the Bureau managed to immediately cancel the transactions, as reported by BusinessWeek on December 18, 2009.
The customers in St. Louis, Cincinnati, Missouri, Lewiston and Ohio reported similar attacks. According to the Anti-Phishing Working Group, these attacks reflect the attacks made in October in Nebraska, New York and Pennsylvania. Moreover, these assails are just the next in the series of those phishing attacks which have increased 600% over 2008.
Experts recommended that the customers should never provide their PIN to avoid falling prey to these scams. This is because the bank will never ask its customers to give their debit card details as they already have proper record of their customers.
The Bureau said that in case a person happens to click any such link provided in e-mail or a text message, the only advice is to immediately place fraud alerts on all his bank accounts and credit cards, and contact the concerned bank.
Related article: Global State of Spam Points to Increased Use of Text
» SPAMfighter News - 29-12-2009