I keep getting e-mail messages telling me that I need to update information on a bank account that isn’t mine. I tried telling them that they had made a mistake, but I keep getting the messages. How do I get them to stop sending them to me?
This question was answered on July 29, 2004. Much of the information contained herein may have changed since posting.
What you are experiencing is something called a phishing scam that has been on the rise.
A phishing scam is generally an attempt to get an unsuspecting user to confirm personal information such as a bank account, credit card or social security number The phishers send out millions of e-mails in the hopes that a few will bite (thus the reference to fishing) It has been reported that as many as 5% of recipients respond to phishing attempts (Do the math!)
The most common companies that are spoofed in the current phishing scams include Amazon.com, Bank One, Citibank, EarthLink, eBay, Wells Fargo and PayPal, but more will come.
The most recent Wells Fargo look-alike phishing scam asks users to review recent policy changes, but requires the user to login to their account to get to the message center Once you have typed the username and access code, you have been had!
Any reply to the message to ask them to stop is completely futile, since the address that you are replying to is generally fake as well.
The main reason that phishing scams are on the increase is because of a vulnerability that was discovered in Microsofts Internet Explorer browser that allows a malicious user to send an e-mail with a link that spoofs a legitimate site.
This means that a link that looks like it would take you to www.bankname.com would actually take you to www.HackerWebsite.com/%0StealYourInfo, but Internet Explorer would report to you that you were at www.bankname.com.
The site would replicate what the actual banks website looked like, complete with indicators that you were on a secure website https:// and the little yellow lock on the bottom right corner) to entice you to give up your personal information.
Anything that asks you to update or confirm your social security number (when was the last time your SSN changed?) or any other personal information, especially when it comes in the form of an e-mail should instantly send off warning bells in your head.
E-mail has always been a fairly questionable source for information, but now it has become downright untrustworthy Corporate logos, links to websites and references to government or corporate security agencies can all be spoofed in an attempt to get you to give up some piece of personal information that can be used to victimize you.
Here are some tips on how to protect yourself from phishing scams:
First and foremost, make sure that you have updated Windows and Internet Explorer with the latest security patches by going to http://windowsupdate.microsoft.com (do not put www at the beginning), so spoofed website addresses can not be displayed in your address bar.
Whenever a link in an e-mail message is suspicious, do not click on the link; manually type the link into your browsers address bar so you can control where you actually go If the site does not have any reference to the information contained in the e-mail, it was likely a phishing scam.
Finally, when in doubt, call or manually e-mail the company for clarification, but never respond to the message.
If you feel you have been a victim of a phishing scam, contact your financial institution immediately to get your account access code changed.
About the author
Posted by Ken Colburn of Data Doctors on July 29, 2004