Scammers phish with security bait
First United Bank says the e-mail, discovered July 30, is
a typical phishing scam. The message claims a problem exists
with the customer's account, expresses the urgency of a response
-- in this case, threatening account termination -- and even
puts a name with the e-mail to make it seem legitimate.
First United has never heard of Jeron Burry.
The bank would never e-mail customers about
a problem with an account, demand account information the
bank already possessed or threaten account deactivation if
a customer didn't comply, says vice president of internal
audit Lissa Henderson. "As anyone in banking knows, we
work hard to maintain a relationship with customers,"
says Henderson. "You don't threaten to terminate their
Real-life fake Web site
The link supplied in the e-mail took consumers to the spoofed
log-in page (below), which asked for credit card information
and an ATM personal identification number. On the real
site, the bank only asks for an online ID number and PIN.
||Fake Web site
courtesy of Websense Inc.
How to spot a phishing e-mail
Though phishing scams have been around for a few years, spoofed e-mails still land in inboxes every day. In fact, more than 58 percent of PC users receive at least one phishing e-mail a day, according to results from a 2006 Web poll of business PC users conducted by Sophos, an Internet security company.
In August 2006 alone, the Anti-Phishing Working Group,
a nonprofit organization dedicated to wiping out phishing scams,
received 26,150 unique phishing reports, the second highest count
they've ever recorded.