Please sign my Guestbook.

Wednesday, September 12, 2007

Bank Fraud Scam - Updated

My friend Krupo, an accountant in Canada, thought this scam was insidious enough to devote an entire post to it. So do I even though I know most of us wouldn't fall for it.

I received one of those notices from Bank of America recently. Somehow it slipped through my spam filter. Interesting since I don't have a B of A account. I have yet to receive one purportedly from my own bank but I'd ignore it if I did.

The "Internal Revenue Service" sent me one just the other day. I don't even know what gets trapped by my filter that I never see. I delete them unread after glancing
quote

Dear Valued Customer,

This email is your official notification from Ba*k of Am*rica.Your online Service has expired on 12-09-2007 ,if you want to continue using our service you have to Renew your online if not your online will be deactivated and deleted
(It goes on to say "click here". I deleted that part for this post.)

Many Thanks and Kind Regards - Bank of America Customer Department

End Quote

And further down the list, was another:


Quote

The Ba*k of Am*rica Online department kindly asks you to take part in our quick and easy 5 questions survey. In return we will credit $20.00 to your account - Just for your time!

With the information collected we can decide to direct a number of changes to improve and expand our services. The information you provide us is all non-sensitive and anonymous - No part of it is handed down to any third party.

It will be stored in our secure database for maximum 7 days while we process the results of this nationwide survey. We kindly ask you to spare two minutes of your time and take part in our online survey.

end quote


Here's Krupo's post:


This summer saw a rash of phishing attacks on customers of TD Canada Trust.

Opportunistic crackers suckered people unfamiliar with the Internet into giving away their banking information.

The gist of the scam is like this:

1. "Someone is attacking your bank account."
2. "Please go to our website to confirm your information."
3. "Then you'll be safe."

The scam is as brilliant as it is insidious:

1. Yes, someone is trying to attack you. It's the person who just sent you that e-mail.
2. The website they're sending you to will look identical to your bank's site.
3. They'll take all the money out of your account as soon as they can or they'll extract all the information you give to commit identity theft, opening new credit cards accounts and other financial instruments in your name, ruining your credit card record.

There are at least three things anyone going online should know:

1. Your bank will never contact you by e-mail and ask you to share information or click on something.
* Never ever ever ever. If you think I'm wrong, call them and ask them prove me wrong.
* Don't use a phone number from the e-mail (should a scammer ever get that resourceful!) - print it out and take it to your local branch if you don't know where to call. I'm not sure if your branch is the best place, given the fact you have a bunch of high school kids working the wickets - though I'm probably being unfair, they could likely point out it's a scam better than some folks - but the manager or someone clever there should know!
2. The website address will often have the bank's name. And that means absolutely nothing. Using very basic computer code they can hide any link to a website with 'safe' looking words. Don't assume www.live.com will take you to Microsoft Live, because I can easily make it go to Google, Altavista, or Microsoft's search pages. I'll add another note regarding this at the end of this post.
3. Read carefully - note the spelling and grammar in the e-mail. Although it may not necessarily prove it's a scam, I'm amused and amazed by the number of typos you'll find in these scams. It's as if the scammer is taunting you - if you fall for their scam, they can laugh at the fact that you believed your bank would send such a poorly written e-mail. I've included a very fresh example at the end of this post. Enjoy the number of letters "e" in the word "speed" and this gem of a phrase: "to combat the fraud from our community."

What? "From our community"? Sadly, it's hard to tell whether it's a case of Engrish, deliberately poor writing, or the sign of a subpar command of the English language from a native speaker.

Either way, take advantage of those mistakes to protect yourself if you forget everything else I just said.

And yes, if you already know this, good for you. I wrote this as a reference material for anyone doing the smart thing, and trying to learn the Right Thing in case they're trying to answer the question, is this a phishing attack? Is this legitimate? Is someone trying to scam me?

Yes they are. This post will be useful if it helps even one person avoid getting swindled - if I got this piece of spam, others also got it.

For the record, the most recent attack looks like this:

Bank of America

Dear Bank of America client,

You have received this email because you or someone had used your account from different locations.For security purpose, we are required to open an investigation into this matter.

In order to safeguard your account, we require that you confirm your banking details.

The help speeed up to this process, please access the following link so we ca complete the verification of your Bank of America Online Banking Account registration information.

http://211.72.75.244/icons/www.bankofamerica.com/sslencrypt218bit/online_banking/


If we do no receive the appropriate account verification within 48 hours, then we will assume this Bank of America account is fraudulent and will be suspended.

The purpose of this verification is to ensure that your bank account has not been fraudulently used and to combat the fraud from our community. We appreciate your support and understanding and thank you for your prompt attention to this matter.

Lastly, extra information concerning point 2 above - note where www.bankofamerica.com appears above. See that there's a number in front of the address? That's a dead giveaway that the link is a fake.

Every address on the internet - even www.steeplemedia.com actually represents a series of numbers. 211.72.75.244 is but one out of billions. If there's anything appearing in as an address other than the bank's true website name in your address bar, be very wary.

21 comments:

Diane J. said...

I just looked before typing this comment - I emptied my spam folder this morning before leaving for Lamar's dental appointment. I now have 42 new spam emails in about 12 hours time. Sometimes it's much more than that.

I am highly skeptical of any of those emails and label them scams almost immediately. I've gotten several emails in the last year wanting me to "update my information" on PayPal. Only thing is, I didn't have a PayPal account until last week!

And I don't have a major credit card so I don't have to worry about anybody stealing that information from an online transaction, thank goodness.

Hope all is well with you and Ray, Ann.

Love and hugs,

Diane

Sometimes Saintly Nick said...

Hmmm. Getting an email notice about an account one doesn’t have in a sure indication that its source is phisher.

Caitlin said...

My local bank is bad about sending emails that look phishy. If I'm not sure, I just call a local branch to verify if it or go directly to my bank's site, instead of clicking on the link.

If your email reader automatically renders HTML, it's easy to spoof a link like this: http://yourbank.com, which is why it's important to pay attention to your status bar. Mouse over it, and your status bar will show where the link actually takes you.

What's worse is that we get phishy phone calls now. My road trips always trip the fraud alert on our credit card, and we knew something wasn't right when we got one when I'd been home for 2 months. I've gotten into the habit of telling people I'll just call the number on the back of my card and settle the issue there. It's surprising how many people either just hang up or start threatening to shut my card down.

FRIDAY'S CHILD said...

Thanks for the information. I had a similar situation but it was not from a bank. It was from a Country and a certain consul informing me that I inherited a fat amount of cash. I didn't mind it. I just deleted the message. I never read my spam messages. They are always deleted before they are read but this one like yours managed to slip through.
By the way, thanks for the correction. I didn't notice the typographical error.

PI said...

Let's hope the more vulnerable and more gullible take note. I seem to have been born with a suspicious streak.

Merle said...

Hi Ann ~~ Thanks for that information. I don't do any banking
on the internet. I use cheques and Cash cards and of course cash when I have it. I hope Ray is better again and home. Glad the new place feels like home. Glad you liked the pic of my 4 eldest granddaughters.
Take care, dear Ann, Love, Merle.

Ava said...

Very informative post.

I get so much junk email ... I don't even look at it. If I don't recognize you ... you're deleted.

Dapoppins said...

Although I haven't been caught by these scams...there was a lot of information in this post I didn't know! Thank you!

Jenny said...

I've gotten the Bank of America one, the paypal one (someone put money in your account but we need your account info to confirm) and the IRS one.

There are some sick people out there.

J at www.jellyjules.com said...

Yes, I've seen these as well. They're mighty tricky, and I can see them working often enough on the less savvy folks to make it worth some crappy person's while to keep putting them out there. Ugh.

Pissed Off said...

I just deleted that e-mail. It is really making the rounds. I wonder howmany people they get withit.

nvisiblewmn said...

I know for a fact, B of A never sends you "regards."

T*mmy said...

I don't ever even look at this kind of stuff ;)

Ems said...

Good post Gran.

Glad to hear you are up and running on the blog again. I hope you are liking your new place.

I loved your tribute to Pavarotti. I will absolutely miss his glorious voice. Bono from U2 said it best, "Some people can sing opera, Luciano Pavarotti was an opera."

Cecil said...

Hey Ann...I don't know what they will come up with next....I don't open anything from anyone that I don't know and thank goodness, I go to church with a good friend that works at my bank... I can always call her if I need anything..

fjb said...

I just heard today about 2 older ladies in Vancouver getting scammed a little while ago. I always worry about my mom with this sort of thing, and she gets annoyed with me when I'm always harping on her about being careful. Insidious people who target the elderly and the vulnerable really tick me off!

lindsaylobe said...

Hi Ann

That’s good info for people on scams which are definitely becoming more sophisticated. I think it’s a sad fact for most people, the personal banking service does not exist which made fraud more difficult.

I agree with your thoughts on Pavarotti but would add further point; I think God blessed his vocal chords!
Best wishes

Puss-in-Boots said...

I don't look at this kind of stuff, it's deleted straight away. Eventually the scammers will realise that most people have more brains than they think. Unfortunately, there are always the few that fall for their tricks. At least you're doing your bit by posting this warning, Ann. Good for you.

Take care.

Gwen said...

Hi Ann.
Just popped in to say hello and hope this finds you all well.xx
P.S Hope you are getting my emails
ok.

Cecil said...

Hey Ann... Hope you're having a good weekend.. Yes, Diane is cooking tomorrow.. but I have a date with hubby... we all make the Mexican chicken and it is delicious!

Krupo said...

Glad to see such a big healthy discussion. It's nice to think that what you write might actually come in handy or otherwise be informative for someone.

And after having done some audit work that forced me to track down a phone number for BoA, I had a good chuckle at this comment: "I know for a fact, B of A never sends you "regards.""

Well said. :)