Scammers still phishing
Page | 1 | 2 |

Since phishing scams run rampant, it helps to know how to recognize one. Generally, they stress the urgency of updating or verifying account information in response to a pressing problem.

For the customer's "convenience," a phishing e-mail provides a link to a page where account information can be updated or verified. In reality, the link likely leads to a fraudulent Web site that will ask for sensitive information such as your date of birth, mother's maiden name, account number, credit card information, pass codes or Social Security number.

Characteristics of a phishing scam

• Greeting doesn't mention the customer's name. • Writing reflects poor grammar and sentence construction. • Implies a sense of urgency or demands immediate attention. • Attempts to scare recipient to react quickly. • Threatens account deactivation. • Contains misspelled words. • Entire body of e-mail is an image. • Asks recipient to click on a link in the e-mail. • Contains real company's logo. • Uses fake name as the sender of the e-mail. • Promises cash rewards for filling out an online survey.

We found nearly all of these characteristics in the following phishing e-mail that landed in our editors inbox at Bankrate.com. The greeting generically is addressed to a "valuable customer," sentences read in a broken English fashion, the explanation for the necessity of the security upgrade makes little sense, the deadline gives the message a sense of immediacy, the message threatens account suspension if the customer doesn't comply and the e-mail instructs the customer to click on the link. The link, of course, doesn't go to Wachovia -- hovering our cursor over the link, we found that the link actually goes to www.edencorp.net/varner/wachoviabank/bank, not an authorized Wachovia site.

After forwarding the e-mail to Wachovia at abuse@wachovia.com, the company replied, confirming that they did not send or authorize the e-mail.

Phony e-mail

Don't take the bait!
Security experts contend that banks will not send an e-mail if a real problem exists with your account. E-mail, as they know, doesn't provide a secure transfer of customer information.

When in doubt about an offer or warning, call your bank or company with which you have an account by using the number on the back of your card or a recent statement. Ask if they tried to contact you.

If they didn't, report the phishing e-mail to them. You should also forward the scam e-mail to the Federal Trade Commission at spam@uce.gov and the Anti-Phishing Working Group at reportphishing@antiphishing.org. You can also file a complaint with the Internet Crime Complaint Center, which will alert the appropriate authorities.

If you answered a phishing e-mail, consult the identity theft help page on the Federal Trade Commission's Web site.

Have you received a phishing e-mail? After notifying the authorities, forward the e-mail to us editors@bankrate.com?subject=phishing