Mason Bennett Johncox - E-Mail Fraud Gets Aggressive

Search Articles

Archived Articles

From Twitter

Cast your vote for the Durham Business Times Readers Choice Awards. We have won 7 years in a row, can we make it 8? http://t.co/GrLEGHSiNovember 14th 2011, 20:46
SPIS: Important New Case from the Court of Appeal - http://eepurl.com/dKR8QMay 10th 2011, 03:54
We scooped the Court of Appeal! Internet and E-mail policies are essential. Check it out www.mbjlawyers.com/archivesMarch 23rd 2011, 01:45

Sep
2004

E-Mail Fraud Gets Aggressive

Posted by Ian A. Johncox

I got a frightening e-mail last week. The sender was shown as a bank and the subject said that it was a private urgent message.

Now, the nature of my job makes me more than a little skeptical about these things.

When you open the e-mail, it warns of attempts at identity theft of their customers. In order to protect your account, if you do not confirm your information, they will suspend your account. When you follow the link, they take you to what looks like the bank’s real site and a window pops up and prompts you to enter a lot of information, including your bank card number and PIN, credit card number and expiration date, your mother’s maiden name, SIN number and more. If you don’t enter it, you can’t close the window. It keeps popping up until you shut down your machine.

What a slick operation!

Just like the virus hoaxes, these frauds are easy to spot, if you step back and think them through.

don’t deal with that bank, so I know it is a fraud.
Even if it was my bank, I have never given my bank my e-mail address (nor have they asked), so why am I getting the e-mail?
If you were asked by a bank to enter confidential information (e.g. for online banking), you would be using a secure site and would see the security icon in your browser. The windows that pop up in the scam do not have address lines, nor any indication of being secure.
No bank ever asks you for your PIN after you have set up your online banking. A teller will never ask you in person and you never have to enter it online to “update” or “confirm” your information.
Do you really think a major bank will suspend all of its accounts unless the account owners confirm their information? Not a chance. Remember the fiasco when Royal Bank got shut down for a few days? No bank would ever allow that to happen, never mind initiate the process deliberately.

The part I like is the fear factor and the irony. People are legitimately concerned about identity theft, mainly because of the extreme inconvenience it causes. You could paraphrase the scam as this: “To prevent identity theft, just enter your information so that we can steal your identity!”

Here’s the worst part. Check your bank account agreement. If you disclose your PIN or passwords, you are liable for any losses that you incur. Most identity theft has involved double-swiping or other means by which you were not responsible for the thief getting the information. In those cases, the bank eats the losses.

However, this scam asks you to voluntarily divulge the information. The bank is entitled to disclaim any responsibility for losses, as you were the person responsible for leaking the information.

If you get an e-mail that claims to be from your bank and seeks personal information, call your bank. Don’t respond to the e-mail.