Is it Really Your Bank Emailing You?

By Dave Ehlke
Geek Housecalls, Inc.

It used to be that the biggest threat to your email box was the piles of spam junkmail that you had to wade thru to get to your “real” emails, but not so anymore. Email “phishing” scams have become a major problem.

What is Phishing? According to the AntiPhishing Working Group (www.antiphishing.org) “Phishing attacks use “spoofed” emails and fraudulent websites designed to fool recipients into divulging personal financial data such as credit card numbers, account usernames, passwords, and social security numbers. By hijacking the trusted brands of well known banks, online retailers and credit card companies, phishers are able to convince up to 5% of recipients to respond to them.”

Recently, I received an email supposedly from Citibank with a header asking me to validate my bank account. The body of the email was a form with the Citi logo and copyright, with this message:

Dear Citibank customer,

Recently there have been a large number of identity theft attempts targeting Citibank customers. In order to safeguard your account, we require that you confirm your banking details.

This process is mandatory, and if not completed within the nearest time your account may be subject to temporary suspension.

To securely confirm your Citibank account details please go to:
https://web-da.us.citibank.com/signin/scripts/login/user_setup.jsp

Thank you for your prompt attention to this matter and thank you for using Citibank!

Citi Identity Theft Solutions
Do not reply to this email as it is an unmonitored alias

This is a very psychologically sophisticated message, with the corporate logo and “concerned” warning about identity theft designed to disarm you. In fact it is easy to see how somebody who’s a Citibank customer and in a hurry could easily click that link and in a matter of minutes turn over all of their critical account information to some scam artist. Beware; this is only one of many phishing scams operating today.

What can you do if you get suspicious email? As a rule of thumb, you can play it safe by never EVER responding, and never EVER giving out personal information to an unsolicited email contact no matter how legitimate it may seem. If you feel the overwhelming urge to “check it out”, do so by contacting your contact at the financial institution or whoever supposedly sent you the email, via telephone and explaining the exact message you received.

Spring 2005 -Volume 15, Number 2

 

 

All articles are copyrighted by the authors in the year published.