Phishing Using Email
We caution consumers to be on the lookout for phishing scams in which various fraudulent emails, claiming to come from the bank, that ask you to click on links to update account or personal information. These are not legitimate emails from the bank; instead, they are fraudulent emails sent as part of a scam in which criminals try to trick people into divulging their confidential information. Do not click on any links in these emails or respond with any confidential information such as account numbers, debit card numbers or Social Security Numbers. Clicking on a link in this type of email could expose a computer to malicious software that could track keystrokes, potentially giving the scammers private information such as account passwords. Fraudulent emails such as these may look official, sometimes including the company logo.
Please contact us if you have questions about whether a communication you’ve received is legitimate.
Phishing Using Phones
Some phishing scams use phone calls to gather confidential information, via automated phone call or email saying an account or debit card has been compromised. The scam asks that a phone number be called to resolve the issue, which requests private information is entered in to the phone to verify identity. These types of phone-phishing scams, sometimes called “vishing,” have become more common with the increasing popularity of Voice over Internet Protocol (VoIP), which allows telephone calls to be made from computers instead of from traditional phones. Once the information is entered it is compromised and the scammer moves onto his next victim.
Phishing Using Surveys
These phishers send out a survey, claiming that they represent a bank or another company. The survey may start out with harmless questions to get you comfortable with responding, but then they ask for confidential information. Often, people are told they will receive a gift certificate or other reward for participating. This technique has been used over the phone in the past, but is now being used online as well. The bank will never ask for private or account information via survey.
Phishing Using Customer Authentication
This scam usually involves an email saying that your Internet Banking account has been accessed from multiple computers and will be shut down unless you click on a link, which then asks you to input your account number and password. If you receive this type of email, it is a scam; delete it without clicking on the link or responding.
In another variation, you may receive an email telling you that you need to click on a link to set up “challenge questions” that the bank would then use to confirm your identity during any future logins. The bank does ask you to establish security questions and answers, but only AFTER you’ve logged into Internet Banking and confirmed your identity.
Unlike phishing, scammers using a technique called “pharming” don’t lure their victims with emails. Instead, they install malicious software or use other techniques to re-direct a user to a fraudulent website – even if the user types the correct address into their browser or uses an existing bookmark for their bank’s website. So how can users protect themselves? If you’re going to enter confidential information on a website, first check to be sure the site has a valid certificate from a service such as VeriSign®. Click on the padlock icon in the browser’s status bar to see the certificate, and check to be sure the name on the certificate matches the website.
Regularly run anti-virus and anti-spyware software to update your computer with the latest security patches and a firewall. If you notice something suspiciously different about the way your Internet Banking is functioning, call the bank to verify that you are using the correct site.
A new scam gaining popularity among criminals involves “key logging.” Key logging software records everything that is typed on your computer, including password information, and sends the information to an outside party. The unwanted software, sometimes referred to as “spyware,” “adware” or “key logging software,” usually infects a computer in the form of a virus attached to an e-mail or other type of download. Many times, these downloads are bundled with free program offers. If you click to install a free program and click “Agree” to the End User License Agreement without reading it fully, you may be unknowingly granting permission to download spyware along with the free program.
Some signs that your PC may be infected by unwanted software include:
- A slowing of your computer, both offline and online
- An unexpected increase in unsolicited e-mail or messages sent without your knowledge
- Strange browser behavior, such as increased pop-ups or unexplained changes to your home page settings and website favorites.
To lessen your risk of key logging, avoid downloading software from sources that you do not know and trust. Also, make sure you have up-to-date antivirus protection installed on your PC. Antivirus software provides protection against viruses that compromise your computer’s security. Once installed, make sure you keep your antivirus software updated. Click here to learn more about Trojans and Keystroke Logging.